Ireland’s data security agency announced on Wednesday that it has launched an investigation into Facebook for possibly violating European privacy laws.
The Data Protection Commission (DPC) revealed that its investigation is based on allegations that an anonymous hacker forum revealed a dataset of 533 million Facebook users around the world. The leak may have violated the EU’s General Data Protection Regulation (GDPR), according to regulators.
Following discussions with officials from Facebook Ireland, Ireland’s DPC concluded that Facebook Inc. may have broken one or more rules, and that the company may still be violating certain provisions.
Facebook said that it is “cooperating fully” with the DPC and that the data breach “relates to features that make it easier for people to find and connect with friends on our services.”
Damage Control
Facebook has tried to downplay the data breach, claiming that it was caused by a “old” security flaw that had been patched by 2019. According to a blog post published last week, the data was scraped by hackers using its contact importer tool sometime before September 2019.
The DPC appears to be the first regulator to open a formal inquiry into Facebook in relation to this matter. Since Facebook’s European headquarters are in Dublin, Ireland is the company’s primary enforcer of data privacy laws.