WhatsApp Ads Delayed in EU as Meta Faces Privacy Concerns

 

Meta recently introduced in-app advertisements within WhatsApp for users across the globe, marking the first time ads have appeared on the messaging platform. However, this change won’t affect users in the European Union just yet. According to the Irish Data Protection Commission (DPC), WhatsApp has informed them that ads will not be launched in the EU until sometime in 2026. 

Previously, Meta had stated that the feature would gradually roll out over several months but did not provide a specific timeline for European users. The newly introduced ads appear within the “Updates” tab on WhatsApp, specifically inside Status posts and the Channels section. Meta has stated that the ad system is designed with privacy in mind, using minimal personal data such as location, language settings, and engagement with content. If a user has linked their WhatsApp with the Meta Accounts Center, their ad preferences across Instagram and Facebook will also inform what ads they see. 

Despite these assurances, the integration of data across platforms has raised red flags among privacy advocates and European regulators. As a result, the DPC plans to review the advertising model thoroughly, working in coordination with other EU privacy authorities before approving a regional release. Des Hogan, Ireland’s Data Protection Commissioner, confirmed that Meta has officially postponed the EU launch and that discussions with the company will continue to assess the new ad approach. 

Dale Sunderland, another commissioner at the DPC, emphasized that the process remains in its early stages and it’s too soon to identify any potential regulatory violations. The commission intends to follow its usual review protocol, which applies to all new features introduced by Meta. This strategic move by Meta comes while the company is involved in a high-profile antitrust case in the United States. The lawsuit seeks to challenge Meta’s ownership of WhatsApp and Instagram and could potentially lead to a forced breakup of the company’s assets. 

Meta’s decision to push forward with deeper cross-platform ad integration may indicate confidence in its legal position. The tech giant continues to argue that its advertising tools are essential for small business growth and that any restrictions on its ad operations could negatively impact entrepreneurs who rely on Meta’s platforms for customer outreach. However, critics claim this level of integration is precisely why Meta should face stricter regulatory oversight—or even be broken up. 

As the U.S. court prepares to issue a ruling, the EU delay illustrates how Meta is navigating regulatory pressures differently across markets. After initial reporting, WhatsApp clarified that the 2025 rollout in the EU was never confirmed, and the current plan reflects ongoing conversations with European regulators.

Supreme Court Weighs Shareholder Lawsuit Against Meta Over Data Disclosure

 

The U.S. Supreme Court is deliberating on a high-stakes shareholder lawsuit involving Meta (formerly Facebook), where investors claim the tech giant misled them by omitting crucial data breach information from its risk disclosures. The case, Facebook v. Amalgamated Bank, centers around the Cambridge Analytica scandal, where a British firm accessed data on millions of users to influence U.S. elections. While Meta had warned of potential misuse of data in its annual filings, it did not disclose that a significant breach had already occurred, potentially impacting investors’ trust. During oral arguments, liberal justices voiced concerns over the omission. 

Justice Elena Kagan likened the situation to a company that warns about fire risks but withholds that a recent fire already caused severe damage. Such a lack of disclosure, she argued, could be misleading to “reasonable investors.” The plaintiffs’ attorney, Kevin Russell, echoed this sentiment, asserting that Facebook’s omission misrepresented the severity of risks investors faced. On the other hand, conservative justices expressed concerns about expanding disclosure requirements. Chief Justice John Roberts questioned whether mandating disclosures of all past events might lead to over-disclosure, which could overwhelm investors with excessive details. Justice Brett Kavanaugh suggested the SEC, rather than the courts, might be better positioned to clarify standards for corporate disclosures. 

The Biden administration supports the plaintiffs, with Assistant Solicitor General Kevin Barber describing the case as an example of a misleading “half-truth.” Meta’s attorney, Kannon Shanmugam, argued that such broad requirements could dissuade companies from sharing forward-looking risk factors, fearing potential lawsuits for any past incident. Previously, the Ninth Circuit found Meta’s general warnings about potential risks misleading, given the company’s awareness of the Cambridge Analytica breach. The appeals court held that such omissions could harm investors by implying that no significant misuse had occurred.

If the Supreme Court sides with the plaintiffs, companies could face new expectations to disclose known incidents, particularly those affecting data security or reputational risk. Such a ruling could reshape corporate disclosure practices, particularly for tech firms managing sensitive data. Alternatively, a ruling in favor of Meta may uphold the existing regulatory framework, granting companies more discretion in defining disclosure content. This decision will likely set a significant precedent for how companies balance transparency with investors and risk management.

Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight

 

Meta, the parent company of Facebook, has been fined Euro 91 million (USD 101 million) by the Irish Data Protection Commission (DPC) following the revelation that the company stored millions of user passwords in plaintext.  

Plaintext refers to readable data that does not need a decryption key to access. It can be any file or message, including text or binary data, that has not been encrypted yet. Plaintext is often used in tasks like document writing, coding, and email. In encryption, plaintext is the input that gets converted into ciphertext, which is the secured, unreadable version.

The breach, discovered during an internal review and disclosed in 2019, involved sensitive user data being accessible to over 2,000 engineers, who collectively queried the password database more than 9 million times. This fine adds to Meta’s growing list of penalties under the European Union’s General Data Protection Regulation (GDPR), which has cost the company more than Euro 2 billion since the regulation was introduced in 2018. Notably, Meta is appealing a record Euro 1.2 billion fine issued last year, making the company one of the most scrutinized by European regulators. 

Meta identified the security lapse during a routine check of its data storage practices. The company stated that no evidence was found to suggest that any internal personnel had misused the passwords or that external entities had accessed the data. Despite these assurances, the incident brought to light a major oversight, as modern security protocols universally require passwords to be protected through cryptographic hashing rather than stored in plaintext.

Password hashing, the standard across most industries, ensures that original passwords cannot be easily retrieved. Algorithms like Bcrypt, PBKDF2, and SHA512crypt are specifically designed to slow down attempts to crack hashed passwords, using computationally expensive processes that deter attackers. Meta's failure to employ such methods represents a serious departure from accepted practices. 

Graham Doyle, Deputy Commissioner at the DPC, highlighted the risks of Meta’s actions: "Storing user passwords in plaintext is widely recognized as a significant security vulnerability. Such data must be protected adequately to prevent abuse." 

As Meta continues to grapple with regulatory fines and pressures, this latest penalty underscores the EU's rigorous enforcement of data protection laws under GDPR. The company faces growing demands to revamp its security protocols and align with global privacy standards to avoid further sanctions.