The Irish Data Protection Commission will investigate Facebook for a data breach concerning the personal information of hundreds of millions of Facebook users which was leaked publicly.
The Commission had already reviewed Facebook’s arguments that the data are outdated, from a previously published breach in 2019.
However, it now claims that there might have been a violation of data laws.
Facebook said that it is “cooperating fully.”
The company said in a statement that the investigation “relates to features that make it easier for people to find and connect with friends on our services.”
“These features are common to many apps, and we look forward to explaining them and the protections we have put in place,” it said.
Since Facebook’s European offices are in Dublin, the Irish regulator is crucial in such inquiries.
‘Reason for concern.’
The dataset, which included 533 million users from 106 nations, was released earlier this month on a hacker website, despite the fact that it had been scraped from Facebook years before.
Since Facebook became conscious that it was being exploited, the function that was manipulated to access the data was updated in 2019.
While not every piece of data was accessible to every person, the vast size of the breach concerned privacy experts.
The DPC stated in a statement that after reviewing the facts, it was “of the opinion that one or more provisions of the GDPR and/or the Data Protection Act may have been, and/or are being, infringed in relation to Facebook users’ personal data.”
“Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users.”
Firms identified in violation of GDPR risk penalties of up to 4% of their total global sales.