Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
IRELAND’S DATA PROTECTION Commissioner has launched a statutory inquiry into Facebook’s password storage after the social media giant revealed that it stored millions of accounts’ passwords in plain text on its internal servers.
In March Facebook announced in a blog post that a routine security review carried out in January found the passwords were being stored in a readable format on its data storage systems.
It said it would be contacting “hundreds of millions” of users to make them aware that their password was involved in the glitch. Last week the company updated the post to say that it now estimates that the issue has also impacted “millions” of Instagram users.
A Facebook source told cyber security blog KrebsOnSecurity that more than 20,000 Facebook employees had access to the passwords.
Today the DPC announced it would be investigating whether Facebook broke EU data rules by storing users’ passwords in this manner.
As Ireland hosts Facebook’s European headquarters, under the EU’s General Data Protection Regulation’s (GDPR) the DPC is Facebook’s lead regulator in Europe.
“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers,” it said in a statement.
We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.
Earlier this year the DPC said it is conducting seven statutory inquiries into Facebook and three-more into Whatsapp and Instagram. It said it expects to wrap up the first of these probes in the summer and the rest by the end of the year.
A firm found to have broken EU data processing and handling rules can be fined up to 4% of their global revenue from the prior financial year.
To embed this post, copy the code below on your site
Hows about signing a book of condolences. Are we still ok with this you daft bunch in the OPW?
@Paul Furey: Agree – we need to call out daft decision making in civil service and govt bodies , this is just daft daft daft nonsense – creating a solution when there is no problem – GDPR is designed to protect how our personal data could be abused – simply idiotic to try say theres a problem with a visitor book – at most they could have suggested they only ask for name -where from -comment but still the fact they wen t looking for this as a problem shows the mentality – when are going to reform our civil service and public sector quangoes – cost us a fortune in taxes to fund – but increasingly obvious they are not fit for purpose in so many cases – not a day passes in ireland when there isnt a father ted story of buffonery
@Paul Furey: Not so daft… clever ploy to get assigned to training course on ” visitor book data compliance and procedures”. Then there will be the mandatory train the trainer sessions, 6 monthly refresher training and the amended guidelines process review after year 1 evaluation workshops. And start the process all over again.
@Paul Furey: it is very unlikely to be in scope of the GDPR
Data protection….it’s as useful as an ashtray on a motor bike
@brian reid: some Harley Davidson motorcycles come with ashtrays you put cigarettes ends into them
Lunatics – Asylum – Takeover.
PC gone crazier than usual
@Roger Kennington: you need to check the definition of PC I think
Just waiting for GDPR to be included in a wedding ceremony. Sign registry and GDPR.
@John Horan: not in scope: household activity
Maybe make them iPads and give them that annoying “cookies allowed” pop up box?
Due to all of this GDPR hyperactivity, members of the public have contacted the Data Commissioner complaining about patient charts being visible at all anywhere within a hospital (for example at an outpatient clinic), patient names being called out at clinics and members of staff walking around hospitals with patient charts visible in their hands. People have lost the run of themselves.
@Sirius: pople have lost the run of themselves -but a lot of people are just idiots and need to told as much – the political correctness / waiting to be outraged need to told they are being idiots when they are being idiots – when somebody says -but GDPR you can sure they haven’t a rats what they actually mean and need to be told where to go…..honestly some of the nonsense ya hear —–just tell people to suck it up and let them get offended and outraged – as Bais Fawlty says – we should let them all burn..
It amazes me that our civil service do not understand GDPR, a signature or name alone does not create a data subject therefore there is no need stop visitor books or books of condolences
Ridiculous.
The problem is the DPC can’t even give a straight answer. “It is not clear”, “it may not be” etc, etc,. This would have to go to a Court for a decision. No wonder some are taking a cautious approach, they’re afraid of being sued and they can’t get a clear, unequivocal answer from the DPC. This is what gives the EU a bad name.
@Symbolism: right. And the fine is 20 million. And ‘it’s not clear’ if you could appeal it.
@Symbolism: idiotic decisions from our Irish public sector cannot be passed off as something that ‘gives the EU a bad name’ – jesus wept
@Symbolism: it probably depends on the question they were asked and the journalist understanding the answer based on their GDPR knowledge
The muppets who signed this off should be sacked. Common sense must prevail.
@Martin Conway: Sacking someone for removing a visitors book is hardly common sense.
@Martin Conway: Why would you want to collect people’s names and addresses, though?
This says it all!!!! What utter rubbish this misuse of GDPR is
GDPR is going to be a gold mine for the legal profession in the coming years.
At some point people have to take responsibility for their own actions. We cannot legislate for every possible situation, and by trying to keep people safe from themselves, we are making them dependent on an all seeing and all knowing legislature, hmm..
Society should be enabling critical thinking, the capacity to ask oneself, when signing a visitors book, why am I doing this? What is enough information?
So before doing something ask yourself:
Why am I doing this? (To help tourist board accumulate data on tourism)
What is the purpose of the activity? (To gather data)
How much information do they need? (Town or Province Country)
Am I willing to make that information available publicly, (in the case of a visitors’ book open for anyone to read through)
Used by people to hide something from others.
Well this problem is not just with the civil service.
I was checking into a hotel a while ago. The receptionist pushed the room key across the counter to me and told me that under GDPR that she couldn’t tell me my room number in case someone else heard it.
When I asked where this idea came I was told that a GDPR trainer told them. It makes me wonder what other sort of nonsense came out of these courses.
@Shay Bourke: That sounds like discreet and sensible advice to me. Have you never noticed anyone putting a round of drinks on a bill and giving your room number? Although I imagine the main problem is drunks at a wedding trying to get into the wrong room.
It will be rolled out for dignatarys though!
Hey very cool site!! Man .. Excellent .. Amazing .. Ill bookmark your web site and take the feeds alsoI am happy to find so many useful info here in the post, we need work out more strategies in this regard, thanks for sharing. .
have your say