Ireland’s Data Protection Commission (DPC) opened a fresh investigation late last year into Facebook after the company admitted the existence of another privacy data breach in which private pictures of over 6.8 million users were compromised and made available to third-party apps.
Privacy data breaches: Facebook’s ongoing problem
Facebook has been associated with data scandals like Cambridge Analytica, as well as with fake news issues. Yet in spite of the unflattering attention, the company has found no strong way to prevent these data breaches.
The DPC said it launched its investigation to find out whether the social network had abided by the new, strict EU privacy rules while dealing with several breaches.
Facebook said that it is in close contact with the lead regulator and will answer all questions.
The DPC is also probing a September privacy leak in which over 50 million users were affected. Facebook could reportedly face a penalty of over 4% of its annual turnover, the highest fine yet under Europe’s new General Data Protection Regulation (GDPR).
The data breach, by the numbers
A spokesperson for the Irish regulator said that it has received many breach notifications from the social network since the new GDPR regulations came into existence in May 2018. The GDPR requires companies to report all data breaches to authorities within 72 hours.
The breach Facebook revealed involved the enabling of over 1,500 software applications to access private pictures of users for 12 days in September 2018. The company reported that over 1,500 third-party apps built by 876 developers could be affected by the bug as well.
Facebook apologized for the breach and said that it has now fixed the problem and will be rolling out tools for app developers soon. Facebook said these tools “will allow them to determine which people using their app might be impacted by this bug.”