DUBLIN: Ireland’s Data Protection Commission (DPC) said on Wednesday it had launched an inquiry into Facebook Inc, after a dataset reported to contain personal data relating to some 533 million Facebook users worldwide was made public.
Facebook said in a blog post last week that “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts. The DPC said that having considered information provided by Facebook, it was of the opinion that one or more provisions of the EU’s General Data Protection Regulation’s (GDPR) and/or the Data Protection Act 2018 “may have been, and/or are being, infringed in relation to Facebook Users’ personal data.” A spokeswoman for Facebook said the company was cooperating fully with the inquiry “which relates to features that make it easier for people to find and connect with friends on our services.”
“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” the spokeswoman added. The DPC is the European Union’s lead regulator of Facebook, Apple, Google and other technology giants under the GDPR’s “One Stop Shop” regime, due to the location of their EU headquarters in Ireland.
The regulator said last week that previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website, which at the time Facebook said occurred between June 2017 and April 2018, before the GDPR rules came in. It also said last week that the newly published data leak seemed to comprise the original 2018 dataset combined with additional records, which may be from a later period. The DPC had more than 27 major inquiries into U.S technology firms open at the end of last year, 14 of which are into Facebook and its WhatsApp and Instagram subsidiaries.