The Irish Data Protection Commission (DPC) is investigating Facebook over the 533 million user records that appeared online.
Earlier this month, user data for 533 million Facebook users was published online. The data included full names, Facebook IDs, birthdates, locations, past locations, bios and more. Facebook said the data was scraped due to a vulnerability that was fixed in 2019 — an explanation that provides little consolation to the users whose data was leaked.
The DPC is now investigating Facebook, and believes the incident could violate the EU’s GDPR legislation.
The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide. The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.
The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data.
The DPC’s investigation is just the latest issue Facebook is facing, amid antitrust allegations and ongoing privacy concerns.