Business Technology

LastPass Facing European GDPR Fine for Ongoing Data Export Bugs

European Commission privacy regulations Wiki Commons

Europe takes a dim view on companies that mishandle user privacy and security. The European Commission leverages GDPR laws to regulate companies with a strict hand. However, it seems LastPass is willing to fly in the face of EU regulators and is facing a hefty fine for unresolved bugs.

Users and outlets have been increasingly pointing out how the company’s data practices go against the tenants of GDPR law. Starting on Reddit and then to an article by AlternativeTo, the company is said to be holding user data by not allowing them to export it.

If you are unfamiliar with LastPass, it is a freemium password management platform that provides encrypted passwords for users online. Sounds great, but it seems the company is not doing the best job at maintaining the privacy of customers.

For example, the company is said to be punishing users who drop from a paid account to a free version. Specifically, LastPass can lock users onto the desktop browser app when they switch between mobile and desktop three times. I am unsure why three is the magic number, but it is.

Once locked onto the desktop app, the user can no longer export their data. It seems there are bugs that the company has not dealt with that precent exports. In other words, LastPass could solve the issue but is choosing not to.

The report suggests the bug is a violation of GDRP Article 20, which states users have the right to data portability. If a user wants to take their data and access it, they must be able to whether on a paid service or not.

LastPass is also reportedly lacking any normal avenue for customer support. There is no email or phone support for non-paying customers, but there is a virtual assistant. While this annoying, plenty of enterprise apps take a similar position.


LastPass has a history of problems. In December 2021, the company confirmed a breach scare following a spate of unauthorized password warnings to users. However, the company said it was a false alarm and no accounts/passwords were compromised.

In 2019, we reported on a vulnerability on the platform that left users open to their information being taken before LastPass issued a patch.

Tip of the day: Did you know that Task Manager lets you set CPU affinity to claw back some resources from running apps and give selected apps higher priority. Our tutorial shows how you can use this helpful feature.

Source Winbuzzeer

Juliana Luwoye

The author Juliana Luwoye

Leave a Response