Irish Regulator Investigates Facebook Over ‘Data Leak’

Facebook is once again in the crosshairs of a national regulator, after the Irish Data Protection Commission (DPC) said it believes the firm may have breached one or more laws.

The Irish DPC announced on Wednesday that it has “launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet.”

Last week it was reported that a massive data set on about 533 million Facebook users was posted on a hacker forum.

That data dump was believed to originated from an issue that occurred in early 2019, which Facebook said it fixed in August of that year.

Irish investigation

Facebook insisted the breach was old data, but the Irish Data Protection Commissioner (DPC) deputy commissioner Graham Doyle last week said it was examining the matter to determine if it involved 2019 data.

And now on Wednesday the Irish DPC said it will begin an official investigation “in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.”

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” it announced.

“Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect,” it said.

Facebook co-operation

Facebook has been quoted in the media as saying it is “cooperating fully” with the regulator, adding that the leak in question “relates to features that make it easier for people to find and connect with friends on our services.”

“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” a Facebook spokesperson told CNBC via email.

The Irish DPC is taking the lead, because Facebook’s European headquarters are located in Dublin.

It’s unclear how long the investigation will last, but if the investigation goes against the social networking giant, a fine has the potential to be very expensive indeed.

Under GDPR rules firms can be fined either 20 million euros ($24 million) or up to 4 percent of their annual revenues, whichever is the greater amount.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Microsoft Xbox Marketing Chief Leaves For Roblox

Microsoft loses Xbox marketing chief amidst executive changes in company's gaming division, broader layoffs and…

9 hours ago

YouTube Test Community ‘Notes’ Feature For Added Context

YouTube begins testing Notes feature that allows selected users to add contextual information to videos,…

10 hours ago

FTC Sues Adobe Over Hidden Fees, Termination ‘Resistance’

US regulator sues Photoshop maker Adobe over large, hidden termination fees, intentionally difficult cancellation process

10 hours ago

Tencent To Ban AI Avatars From Livestream Commerce

Chinese tech giant Tencent to ban AI hosts from livestream video platform as it looks…

11 hours ago

TikTok US Ban Appeal Gets 16 September Court Date

Action by TikTok, ByteDance and creators against US ban law gets 16 September hearing date,…

11 hours ago

US Surgeon General Calls For Warning Labels On Social Media

US surgeon general calls for cigarette-style warning labels to be shown on social media advising…

12 hours ago