The Irish Data Protection Commission has launched an investigation into a massive leak of data on Facebook users online.
It was recently revealed that the personal data of more than 530 million Facebook users was posted on a low-level hacking forum, and user phone numbers were offered for sale.
Facebook’s defense is that the data in question was deleted, not hacked, and that it is the fault of its own privacy settings (this despite the fact that the default setting is “Public”, even when the phone number is set to “Only me”).
The company also claimed that the data was deleted before the introduction of the GDPR, meaning it did not dare to report the leak.
“Based on our investigation to date, we believe the data from the dataset released this weekend was publicly available and deleted before the changes to the platform in 2018 and 2019,” it states.
However, the Irish Data Protection Commission (DPC), which oversees the Dublin-based company, was skeptical, suggesting that some data could date back to a later period and that this could be subject to the GDPR.
And now, after pressure from the European Commission, he has announced his intention to launch a full investigation.
“DPC, taking into account the data provided to date by Facebook Ireland on this issue, is of the opinion that one or more provisions of the GDPR and / or the Data Protection Act 2018 have been violated and / or are violated in relation to personal Facebook user data “, reads in statement.
“Accordingly, the Commission considers it appropriate to establish whether Facebook Ireland has complied with its obligations, as data controller, regarding the processing of its users’ personal data through Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer, or whether Facebook has breached and / or violates any provision of the GDPR and / or the Data Protection Act 2018. ”
Facebook, although it claimed that the contact import feature is common to many apps, said it would cooperate with the investigation.
The DPC’s move followed a call by the European Commission for a detailed investigation. Earlier this week, Justice Commissioner Didier Reynders He said he spoke to data protection commissioner Helen Dixon about the issue and called on Facebook to ‘actively and quickly … shed light on the problems identified’.
If Facebook is found to be violating the GDPR, it could face fines of up to four percent of traffic. The company has already been the subject of more than a dozen DPC investigations, none of which have yet reached a conclusion.