1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Irish data watchdog probes Facebook breach

October 3, 2018

Ireland's data protection authority has launched a probe into the Facebook security breach that affected some 50 million users. The move could see EU law — and strict fines — come to bear on the social media giant.

Mark Zuckerberg
Image: Imago/Zumapress/R. Sachs

The Irish Data Protection Commission (DPC) has launched an investigation into last week's data breach at Facebook that affected some 50 million users.

The data watchdog said it would look into whether the tech giant had complied with European data protection regulations that went into effect this year.

In a statement Wednesday, Ireland's data regulator said it was examining whether Facebook put in place the "appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes."

It marks the first major test for Europe's newly beefed-up data protection laws known as the General Data Protection Regulation (GDPR), which came into force in May. The regulations place strong controls on how technology companies store European user information.

Facebook's European subsidiary is located in Ireland, so the Irish DPC is the organization that regulates the social network on the continent.

The social network site admitted to the breach in a blog post last Friday, saying hackers had exploited a vulnerability in the website's code that may have given them access to millions of users' accounts.

Fewer than 10 percent of the estimated 50 million affected accounts are thought to be European users, according to the DPC.

Read more: 'Companies are concerned about a loss of their reputation'

Facebook facing fines up to €1.4 billion

Under the EU's GDPR bill, companies in breach of the regulations can face a maximum fine of up to 4 percent of global revenues.

Facebook made almost €35.2 billion ($40.6 billion) in revenues last year, meaning the total fine could amount to around €1.4 billion.

However, EU Justice and Consumer Affairs Commissioner Vera Jourova has said the social media giant was unlikely to face the maximum fine because it had adhered to rules requiring it to report the data breach within 72 hours upon its discovery.

Read more: Cambridge Analytica: The devil in the detail

This "is one of the factors which might result in lower sanctions," Jourova said Tuesday, although she ominously added that "this is only theoretical."

Facebook has already suffered a sullying of its reputation this year  when it comes to data security. In March it was revealed how that information from tens of millions of user profiles was harvested and sent to Cambridge Analytica, a political firm employed by the campaign to elect Donald Trump to the presidency.

The company's share price is down almost 8 percent year-to-date.

Each evening at 1830 UTC, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.

dm/cmk (AFP, AP)