Irish data watchdog to investigate Facebook data leak

The regulator believes that Facebook may have infringed ‘one or more’ GDPR provisions following apparent leak of 533 million user records

The Irish Data Protection Commission (DPC) has launched an inquiry into an alleged Facebook data leak that affected an estimated 533 million users worldwide.

Due to Facebook’s European headquarters being based in Dublin, the Irish regulator is to investigate whether the tech giant had complied with its data controller responsibilities when processing the personal data of its users.

In a statement, the DPC shared that it “is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data”, based on “information provided by Facebook Ireland”.

Last week, the regulator stated that, of the 533 million individuals caught up in the leak, a “significant number” are EU users, adding that much of the data appears to have been scraped some time ago from public Facebook profiles.

Facebook released a statement saying that the leaked data wasn’t obtained through hacking Facebook’s systems, but by “malicious actors” scraping it from the tech giant’s platform “prior to September 2019”. The company added that it is “confident that the specific issue that allowed them to scrape this data in 2019 no longer exists”.

The datasets, which were reportedly published in 2019 and 2018, are thought to have originated through a large-scale scraping of the social media giant’s website which reportedly occurred between June 2017 and April 2018. The timeline is important, as given that GDPR came into effect on 25 May 2018, if Facebook is able to show that this scraping had occurred before this date then any potential regulatory action would be subject to sanctions set out under the Data Protection Directive - which effectively devolved this responsibility to member states.

Simply put, if found to have breached data protection rules in any way, Facebook could avoid having to pay a substantial penalty under GDPR, which could be as high as 4% of the tech giant’s annual turnover.

Commenting on the Irish DPC’s decision to launch an inquiry into the leak, a Facebook spokesperson said that the company was “co-operating fully”, adding that the investigation “relates to features that make it easier for people to find and connect with friends on our services”.

“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” the spokesperson added.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Facebook bans Signal's crafty anti-tracking ad campaign
data protection

Facebook bans Signal's crafty anti-tracking ad campaign

5 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021