
Irish regulator opens second inquiry into Facebook

Since the GDPR the social network has had to notify the DPC of a number of breaches


The Irish Data Protection Commission (DPC) has opened a second inquiry into Facebook after the social network revealed a bug that exposed 6.8 million users' photos.

The DPC said it's investigating whether Facebook had breached EU privacy rules following the glitch, disclosed on Friday, that allowed some 1,500 software apps to access private photos for 12 days.

"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos," Facebook said in a blog post. "We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018."

Under the GDPR, companies have 72 hours to report data breaches to authorities or face a potential fine of €20 million or four percent of annual turnover, whichever is higher. However, this is not the first breach Facebook has suffered since the GDPR came into force.

"The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018," a DPC spokesperson said. "Reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance with the relevant provisions of the GDPR."

Facebook's European infrastructure is mainly established in Ireland, where it has datacentres and benefits from the One Stop Shop mechanism provided for in the GDPR. This rule means that organisations carrying out cross-border personal data processing activities will only have to deal with one supervisory authority.

For Facebook, this is the DPC. The Irish data regulator arguably has the biggest data processing organisation to watch over and also one of the most problematic considering how torrid a year Mark Zuckerberg and his creation have had.

Luckily for Zuckerberg, the GDPR only came into force on 25 May, because the platform came under heavy scrutiny at the start of 2018 following the Cambridge Analytica scandal. From there the company has found itself in one controversy after another, such as the massive data breach the site suffered in October, which the DPC also investigated.
