Irish regulator opens second inquiry into Facebook

Since the GDPR the social network has had to notify the DPC of a number of breaches

dislike emoji used on Facebook

The Irish Data Protection Commission (DPC) has opened a second inquiry into Facebook after the social network revealed a bug that exposed 6.8 million users' photos.

The DPC said it's investigating whether Facebook had breached EU privacy rules following the glitch, disclosed on Friday, that allowed some 1,500 software apps to access private photos for 12 days.

Advertisement - Article continues below

"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos," Facebook said in a blog post. "We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018."

Under the GDPR, companies have 72 hours to report data breaches to authorities or face a potential fine of 20 million or four percent of annual turnover, whichever is higher. However, this is not the first breach Facebook has suffered since the GDPR came into force.

"The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018," a DPC spokesperson said. "Reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance with the relevant provisions of the GDPR."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Facebook's European infrastructure is mainly established in Ireland, where it has datacentres and benefits from the One Stop Shop mechanism provided for in the GDPR. This rule means that organisations carrying out cross-border personal data processing activities will only have to deal with one supervisory authority.

For Facebook, this is the DPC. The Irish data regulator arguably has the biggest data processing organisation to watch over and also one of the most problematic considering how torrid a year Mark Zuckerberg and his creation have had.

Luckily for Zuckerberg, the GDPR only came into force 25 May, because the platform came under heavy scrutiny at the start of 2018 following the Cambridge Analytica scandal. From there the company has found itself in one controversy after another, such as the massive data breach the site suffered in October, which the DPC also investigated.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020