The Irish regulator is initiating an investigation into Facebook into possible violations of data protection laws


Mark Zuckerberg, Chairman and CEO of Facebook.

Erin Scott | Reuters

LONDON – Ireland’s data protection officer announced on Wednesday that he has opened an investigation into Facebook into a possible breach of European data protection rules.

The Data Protection Commission (DPC) said its investigation focuses on reports that a record of 533 million Facebook users worldwide was posted on an online hacker forum. Regulators believe the leak may be in violation of the EU’s general data protection regulation.

After speaking with representatives from Facebook Ireland, the Irish DPC stated that Facebook may have violated one or more laws, adding that the company may still be violating certain regulations.

Facebook did not immediately respond to CNBC’s request for comment.

The social media giant tried to downplay the data breach as it was related to an “old” security flaw that was fixed by 2019. A blog post last week stated that the data was scraped off by hackers using the contact importer tool some time ago in September 2019.

The DPC appears to be the first regulator to open a formal investigation by Facebook into the matter. With Facebook’s European headquarters in Dublin, Ireland is the primary data enforcer for the company.

It is unclear how long the investigation will take. Under the GDPR, which was introduced in 2018, companies can be fined either 20 million euros or up to 4% of their annual turnover, whichever is greater.

Ireland’s data guardian has been criticized by privacy advocates for being too slow in its GDPR investigations against large tech companies. In December 2020, the DPC imposed its first GDPR fine on a large US technology company and fined Twitter € 450,000.


Katherine Clark