Irish regulator opens second inquiry into Facebook

Since the GDPR the social network has had to notify the DPC of a number of breaches

dislike emoji used on Facebook

The Irish Data Protection Commission (DPC) has opened a second inquiry into Facebook after the social network revealed a bug that exposed 6.8 million users' photos.

The DPC said it's investigating whether Facebook had breached EU privacy rules following the glitch, disclosed on Friday, that allowed some 1,500 software apps to access private photos for 12 days.

"Our internal team discovered a photo API bug that may have affected people who used Facebook Login and granted permission to third-party apps to access their photos," Facebook said in a blog post. "We have fixed the issue but, because of this bug, some third-party apps may have had access to a broader set of photos than usual for 12 days between September 13 to September 25, 2018."

Under the GDPR, companies have 72 hours to report data breaches to authorities or face a potential fine of 20 million or four percent of annual turnover, whichever is higher. However, this is not the first breach Facebook has suffered since the GDPR came into force.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018," a DPC spokesperson said. "Reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance with the relevant provisions of the GDPR."

Facebook's European infrastructure is mainly established in Ireland, where it has datacentres and benefits from the One Stop Shop mechanism provided for in the GDPR. This rule means that organisations carrying out cross-border personal data processing activities will only have to deal with one supervisory authority.

For Facebook, this is the DPC. The Irish data regulator arguably has the biggest data processing organisation to watch over and also one of the most problematic considering how torrid a year Mark Zuckerberg and his creation have had.

Luckily for Zuckerberg, the GDPR only came into force 25 May, because the platform came under heavy scrutiny at the start of 2018 following the Cambridge Analytica scandal. From there the company has found itself in one controversy after another, such as the massive data breach the site suffered in October, which the DPC also investigated.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020