Irish Regulator Investigates Facebook Over ‘Data Leak’

Facebook is once again in the crosshairs of a national regulator, after the Irish Data Protection Commission (DPC) said it believes the firm may have breached one or more laws.

The Irish DPC announced on Wednesday that it has “launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet.”

Last week it was reported that a massive data set on about 533 million Facebook users was posted on a hacker forum.

That data dump was believed to originated from an issue that occurred in early 2019, which Facebook said it fixed in August of that year.

Irish investigation

Facebook insisted the breach was old data, but the Irish Data Protection Commissioner (DPC) deputy commissioner Graham Doyle last week said it was examining the matter to determine if it involved 2019 data.

And now on Wednesday the Irish DPC said it will begin an official investigation “in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.”

“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” it announced.

“Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect,” it said.

Facebook co-operation

Facebook has been quoted in the media as saying it is “cooperating fully” with the regulator, adding that the leak in question “relates to features that make it easier for people to find and connect with friends on our services.”

“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” a Facebook spokesperson told CNBC via email.

The Irish DPC is taking the lead, because Facebook’s European headquarters are located in Dublin.

It’s unclear how long the investigation will last, but if the investigation goes against the social networking giant, a fine has the potential to be very expensive indeed.

Under GDPR rules firms can be fined either 20 million euros ($24 million) or up to 4 percent of their annual revenues, whichever is the greater amount.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

2 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

3 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

5 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

6 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

8 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

9 hours ago