Mark Zuckerberg, Chairman and CEO of Facebook.
Erin Scott | Reuters
LONDON – Ireland’s data protection commissioner announced on Wednesday that he has opened an investigation into Facebook into a possible breach of European data protection rules.
The Data Protection Commission (DPC) said its investigation focuses on reports that a record of 533 million Facebook users worldwide was posted on an online hacker forum. Regulators believe the leak may be in violation of the EU’s general data protection regulation.
After speaking with representatives from Facebook Ireland, the Irish DPC stated that Facebook may have violated one or more laws, adding that the company may still be violating certain regulations.
Facebook said it was “cooperating fully” with the regulator, adding that the leak in question “relates to features that make it easier for people to make friends and connect with our services”.
“These functions are common to many apps and we look forward to explaining them and the safeguards we have put in place,” a Facebook spokesman told CNBC via email.
The social media giant has tried to downplay the data breach. He said it was an “old” vulnerability that was fixed by 2019. A blog post last week stated that the data was deleted by hackers using the contact importer tool some time ago in September 2019.
The DPC appears to be the first regulator to open a formal investigation by Facebook into the matter. With Facebook’s European headquarters in Dublin, Ireland is the primary data enforcer for the company.
It is unclear how long the investigation will take. Under the GDPR, which was introduced in 2018, companies can be fined either 20 million euros or up to 4% of their annual turnover, whichever is greater.
Ireland’s data guardian has been criticized by privacy advocates for being too slow in its GDPR investigations against large tech companies. In December 2020, the DPC imposed its first GDPR fine on a large US technology company and fined Twitter € 450,000.