Facebook could face fines of up to £1 billion following regulator action

The world-famous social media network may be up against a “multi-billion-dollar fine”, CNN reports, following an announcement made by the Irish Data Protection Commission (IDPC) last week.

The IDPC, which is the Ireland-based European regulator for Facebook, said on Friday that it has initiated a “statutory inquiry” into Mark Zuckerberg’s company following a series of reports of data breaches that are hitting the firm.

The news unfolded as Facebook came forward with details of a breach incident whereby the photos of up to 6.8 million account holders had been compromised online.

The bungle has hit just two months after the social network suffered its biggest ever security glitch; in September, a GDPR-aware world was rocked by revelations that hackers had bypassed Facebook’s security walls to obtain the private details of millions of users over a period of 12 days.

New compliance standards

The GDPR has given European regulators sharper teeth in dealing with companies that fail to comply with the new data security standards that were implemented on May 25th of this year.

With its European HQ based in Dublin, Facebook is obliged to notify the regulator of data breaches within 72 hours of their discovery. Facebook said that the September intrusion had been flagged up to the regulator as soon as it “had been established it was considered a reportable breach.”

The GDPR was introduced under headline warnings that non-compliant companies could face a maximum fine of €20m or 4% of annual turnover, whichever is greater. With Facebook making nearly $40 billion in 2017, this could mean that the company receives a penalty of up to €1.6 billion.

These fresh breach notifications from the social media giant have now prompted Graham Doyle, the IDPC’s head of communications, to announce the new investigation.

Speaking to CNN, a Facebook spokesperson said:

“We are in close contact with the Irish Data Protection Commission and are happy to answer any questions they may have.”

