Sept. 27 (UPI) — Ireland’s Data Protection Commission on Friday fined Meta more than $100 million for privacy law violations related to failing to properly encrypt and store passwords of the tech giant’s users.

The DPC found Meta Platforms Ireland Limited violated four parts of the European Union’s General Data Protection Regulation or GDPR in levying the $101.7 million fine.

Regulators found Meta “did not use appropriate technical or organizational measures to ensure appropriate security of users’ passwords against unauthorized processing,” among other violations.

Meta was also cited for three other violations related to improperly storing users’ passwords.

An investigation into the allegations first started in 2019 after Meta self-reported a possible issue. EU legislation requires companies to report potential privacy breaches as soon as they become aware of them.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” DPC Deputy Commissioner Graham Doyle said in the statement.

“It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”

The GDPR was first adopted in 2016, coming into law in 2018 and is considered some of the strongest privacy legislation in the world.

The commission’s power stems from the legislation and its responsibilities extend to upholding the individuals’ rights to have their personal data protected.

Officials said Meta was first informed of the decision Thursday.

The commission will publish a comprehensive version of its decision in the future.

This is not the first time Irish regulators have fined the social media giant.

In May of 2023, the DPC fined Meta $1.3 billion for privacy violations and ordered the U.S. tech giant to stop transferring user data across the Atlantic.

In January of that year, the commission levied a pair of fines against Meta totaling about $414 million for violating GDPR rules.