Irish regulator opens second inquiry into Facebook

Since the GDPR came into force, the social network has had to notify the DPC of a number of breaches


The Irish Data Protection Commission (DPC) has opened a second inquiry into Facebook after the social network revealed a bug that exposed 6.8 million users' photos.

The DPC said it's investigating whether Facebook had breached EU privacy rules following the glitch, disclosed on Friday, that allowed some 1,500 software apps to access private photos for 12 days.

"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos," Facebook said in a blog post. "We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018."

Under the GDPR, companies have 72 hours to report data breaches to authorities or face a potential fine of €20 million or four percent of annual turnover, whichever is higher. However, this is not the first breach Facebook has suffered since the GDPR came into force.


"The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018," a DPC spokesperson said. "Reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance with the relevant provisions of the GDPR."

Facebook's European infrastructure is mainly established in Ireland, where it has datacentres and benefits from the One Stop Shop mechanism provided for in the GDPR. This rule means that organisations carrying out cross-border personal data processing activities will only have to deal with one supervisory authority.

For Facebook, this is the DPC. The Irish data regulator arguably has the biggest data processing organisation to watch over, and also one of the most problematic, considering how torrid a year Mark Zuckerberg and his creation have had.

Luckily for Zuckerberg, the GDPR only came into force on 25 May, because the platform came under heavy scrutiny at the start of 2018 following the Cambridge Analytica scandal. From there the company has found itself in one controversy after another, such as the massive data breach the site suffered in October, which the DPC also investigated.
