Europe’s leading privacy regulator is now investigating whether Facebook broke the law for handling the data breach for more than 533 million people’s phone numbers along with the personal data. On Wednesday, Ireland’s Data Protection Commission announced that it had opened an investigation into the social media giants.
However, if Facebook is invaded as it violates the EU’s data rules. However, it might face a monetary fine which is up to 4% of its $86 billion global revenue. In a statement, the DPC believes that the EU data rules “may have been and/or which are being, infringed in relation to the Facebook Users’ personal data.”
Notably, the personal data is more than 533 million Facebook users who dumped online for free by hacking the forum earlier this month. However, the data involves the phone number which the users didn’t make public wither on Facebook or on the profiles which were scraped by cybercriminals by violating the terms of Facebook’s terms and service.
Notably, a Facebook spokesperson mentioned in a statement that the company is “cooperating fully” with the investigation by adding the DPC is probing that now-patched vulnerability in a Facebook tool which has made it quite possible for gathering info regarding the Facebook user by keeping their phone number.
The Spokesperson said, “We are cooperating fully with the IDPC in its enquiry, which relates to features that make it easier for people to find and connect with friends on our services. These features are common to many apps and we look forward to explaining them and the protections we have put in place.”
When the news first broke Facebook mentioned that the data was scrapped due to the vulnerability which the company patched in 2019 and downplayed the issue as “previously reported.” However, the company is never publically addressed the vulnerability in detail until the data is dumped in this month.
Facebook mentioned hundreds of millions affected by the data breach as it doesn’t have the confidence that it has the complete knowledge of which users get affected and the users can’t take steps for fixing the issues given by the data which has already been published. However, the DPC investigation has now overcome the heels of pressure from the European Commission. On Monday, Didier Reynders, Justice Commission mentioned that he met DPC head, Helen Dixon, regarding the Facebook breach.
The EU investigation will probe might be Facebook had a legal obligation for notifying users and European regulators which was invaded and fixed the vulnerability. However, the EU’s data privacy rules are known as GDPR need such disclosures. On the other hand, the GDPR only implements the data process after 2018 and till now it is not clear if the Facebook data are scarped before the GDPR becomes effective.