Data Protection probes stack up against Facebook

Facebook has fallen under renewed regulator scrutiny for failure to comply with the General Data Protection Regulation (GDPR).

The social network is now up against seven individual data protection probes in Ireland, within a broader 16-case series faced by other tech giants including Apple, Twitter and LinkedIn.

WhatsApp and Instagram – both owned by Facebook – are under similar investigations designed to ratchet up the intensity of financial penalties that regulators can wield in the name of GDPR.

Currently, watchdogs can impose fines of 4% of annual turnover or €20m, whichever sum is the greater.

Helen Dixon, Ireland’s data protection commissioner said:

“These data protection probes are centred on the activities of very big internet companies with tens of thousands of millions of users.”

Facebook first fell under EU investigation in Ireland, after a much-publicised security breach that led to over 50m user accounts being compromised, news of which broke in October 2018.

The watershed intrusion also put accounts linked to those breached at risk, meaning that a criminal element would be able to access any third party account that is logged into via the Facebook portal.

December 2018 brought more investigation headaches for Mark Zuckerberg, after a photo AIP glitch hit Facebook users and allowed photo access to third party platforms. The malfunction enabled external developers to reach user photos, affecting up to 6.8 million users and around 1,500 apps.

Dixon said:

“Other breach notifications received in my office since May 25th are related to coding errors, which leads to posts being made public that should have been private, or in a major breach. No company seems to be immune from this.”

The Irish Data Protection Commissioner said that the cases are not trivial, stating:

“We’re at various concrete stages in all of them, but they’re all substantially advanced. The soonest I am going to see an investigation report on my desk, which is when my role kicks in.”

“Companies are lawyering up and we’re typically dealing with more litigators and lawyers on the side of any inquiry that we conduct. It does show the power that they have in terms of the size. But we have all the cards in terms of the powers to investigate, to compel and ultimately to conclude and make findings,” she added.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/