The Irish Data Protection Commission (DPC) has reached out to Facebook seeking to determine whether the social media giant’s latest data breach should receive scrutiny under the General Data Protection Regulation (GDPR).
The Irish Data Protection Commission (DPC) has reached out to Facebook seeking to determine whether the social media giant’s latest data breach should receive scrutiny under the General Data Protection Regulation (GDPR).
Facebook has received significant attention after a dataset containing the personal information of over 533 million of its users surfaced on a hacking forum over the weekend. Names, locations, birthdays, e-mail addresses, and phone numbers were among the information made available. The company has remained steadfast that the data is old and was “scraped” through a vulnerability it patched in 2019.
The Irish DPC acknowledged previous leaked datasets scraped from Facebook between June 2017 and April 2018 were not disclosed under the GDPR because the breaches took place prior to the law’s enactment in May 2018. What the agency wants to know is whether last weekend’s dataset contains additional records from a later period that would have been covered by the GDPR—a possibility given Facebook has said the information was obtained “prior to September 2019.”
“The DPC attempted over the weekend to establish the full facts and is continuing to do so,” the agency said in a statement Tuesday. “It received no proactive communication from Facebook.” The GDPR requires companies to report a relevant data breach within 72 hours of discovery.
What Facebook has told the agency is that the dataset “requires extensive investigation” before the company can say with a level of confidence when the data was obtained. The Irish DPC said Facebook has vowed to prioritize answering the regulator’s inquiries.
As of the Irish DPC’s 2020 annual report released in February, Facebook is the subject of nine investigations into potential GDPR violations. Three more probes relate to Instagram and two to WhatsApp. Two Facebook cases are currently at the decision-making part of the process and one investigation each into WhatsApp and Instagram are being finalized, Deputy Commissioner Graham Doyle said then.
No comments yet