Ireland launches data protection inquiry into Facebook breach

Facebook Ireland Data Breach

Ireland’s Data Protection Commission (DPC) has opened an inquiry over Facebook’s recent data breach. More than 533 million Facebook users shared personal information on a popular hacker forum earlier this month.

The DPC confirmed that they were investigating whether any data rights relating to GDPR compliance may have been violated.

“The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide. The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses.

The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users' personal data.

Accordingly, the Commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users by means of the Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer features of its service, or whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”

Irish Data Protection Commission’s statement
The move comes after the European Commission’s Justice Commissioner, Didier Reynders, tweeted on Monday that he has spoken with the DPC’s Helen Dixon about the Facebook data breach:

Facebook has publicly responded to the DPC’s inquiry stating, “We are cooperating fully with the DPC in its inquiry, which relates to features that make it easier for people to find and connect with friends on our services. These features are common to many apps, and we look forward to explaining them and the protections we have put in place.”

Companies that are found to violate the European Union’s General Data Protection Regulations (GDPR) may be fined €20 million, or up to 4% of their annual worldwide turnover of the preceding financial year, whichever is greater.

The British Information Commissioners Office (ICO) is also considering opening its own investigation into the breach. A spokeswoman confirmed on Wednesday that it would be coordinating with other regulators.

Scroll to Top