Photo by OLIVIER DOULIERY / AFP via Getty Images
AFP via Getty Images
The Irish Data Protection Commission has launched an investigation into the massive loss of Facebook user data online.
It was recently revealed that more than 530 million Facebook users ‘personal information was posted on a low-level hacking forum and users’ phone numbers were put up for sale.
Facebook’s defense is that the data in question was not hacked but scraped, and that it was the fault of users’ own privacy settings (despite the fact that “Public” was the default, even if the phone number was set to “Just Me”) .).
The company also claimed that the data had been scraped before the GDPR was in place, which meant it wasn’t ready to report the leak.
“Based on our research so far, we believe that the information in the dataset released this weekend was publicly available and was deleted prior to changes to the platform in 2018 and 2019,” it said.
However, the Irish Data Protection Commission (DPC), which oversees the Dublin-based company, was skeptical and suggested that some of the data could at least be from a later period and that this is subject to GDPR.
And now, under pressure from the European Commission, it has announced that it will launch a full investigation.
“After examining the information so far provided by Facebook Ireland on this matter, the DPC is of the opinion that one or more provisions of the GDPR and / or the Data Protection Act 2018 may have been violated and / or may be violated in relation to the personal data of Facebook users” , it said in a statement.
“Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has fulfilled its obligations as a data controller in relation to the processing of its users’ personal data using the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer functions, or whether one or more provisions of the GDPR and / or the Data Protection Act 2018 were and / or will be violated by Facebook in this regard. ”
While Facebook claims that the ability to import contacts in question is common to many apps, it has announced that it will work with the request.
The step of the DPC follows the demands of the European Commission for a comprehensive investigation. Earlier this week, Justice Commissioner Didier Reynders said he had spoken to Data Protection Commissioner Helen Dixon about the matter and asked Facebook to “actively and quickly … shed light on the issues identified”.
If it is found that Facebook is violating the GDPR, fines of up to four percent of sales are threatened. The company is already the subject of more than a dozen investigations by the DPC, none of which have been completed.