Facebook Chairman and CEO Mark Zuckerberg.
Erin Scott | Reuters
LONDON — Ireland’s data protection watchdog said Wednesday that it has opened an inquiry into Facebook over a potential breach of European privacy rules.
The Data Protection Commission (DPC) said its probe focuses on reports that a dataset of 533 million Facebook users worldwide was exposed on an online hacker forum. Regulators believe the leak may be in breach of the EU’s General Data Protection Regulation.
After speaking to representatives from Facebook Ireland, Ireland’s DPC said it believes Facebook may have breached one or more laws, adding that the company may still be breaching certain provisions.
Facebook did not immediately respond to CNBC’s request for comment.
The social media giant has attempted to downplay the data breach, saying it was related to an “old” vulnerability that was fixed by 2019. It explained in a blog post last week that the data was scraped by hackers using its contact importer tool sometime before September 2019.
The DPC appears to be the first regulator to launch a formal investigation into Facebook over this issue. Since Facebook’s European headquarters are located in Dublin, Ireland is the main enforcer of data regulations for the company.
It’s unclear how long the investigation will last. Under GDPR, which was introduced in 2018, firms can be fined either 20 million euros ($24 million) or up to 4% of their annual revenues, whichever is the greater amount.
Ireland’s data watchdog has faced criticism from privacy advocates for being too slow with its GDPR investigations into large tech companies. In December 2020, the DPC issued its first GDPR financial penalty against a major U.S. tech company, fining Twitter 450,000 euros ($538,897).