The Irish Data Protection Commission (DPC) is investigating another potential General Data Protection Regulation Breach by Facebook following a statement from the social media company admitted a glitch may have exposed unposted photos from up to 6.8 million users.
The DPC will conduct an investigation in line with the GDPR rule which were introduced by the European Union on May 25 this year. The data protection legislation was formulated to allocate regulators far reaching powers to sanction firms who neglect to adequately secure personal data. Corporations can face fines of up to €20m or 4% of their annual global turnover if they neglect to conform, whichever figure is higher. If a fine such as this was applied to Facebook it could be as high as €1.4 billion based on its 2017 annual revenue of €35.2 billion.
The DPC has primary European jurisdiction over Facebook as it European headquarters is located in Dublin. Head of Communications for the DPC Graham Doyle said: ““The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018. With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR.”
Facebook issued a statement last Friday which revealed that logging in to their platform and granting permission to third-party applications to access photos may have resulted in the unintended breach between September 13 and 25.
Facebook Engineering Director Tomer Bar stated in a message to developers: “When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”
This is the latest in, what has been, a busy 2018 for Facebook in relation to data privacy investigation. A similar probe launched in October after it was discovered that up to 50 million user accounts could have been exposed in a Facebook date breach. You can read more about that here.
Earlier this year Facebook had to deal with other data privacy investigations which you can read about below:
- Facebook Facing GDPR Investigation over Audience Targeting Methods
- Facebook Hit with UK£500k Fine for Pre-GDPR Data Breach
- Tech Giants including Facebook and Google Subject to GDPR Complaints
- First UK GDPR Notice is Issued to Canadian Firm Linked to Cambridge Analytica
- First GDPR Lawsuit: $8.2 billion Fines Claimed from Facebook and Google