Facebook is facing seven separate data protection investigations in Ireland, as reported by Bloomberg. Facebook’s investigations are a part of 16 cases which major tech companies like Twitter, Apple, LinkedIn, and also Facebook’s WhatsApp and Instagram, are facing.
The main aim of these probes is to scale up the level of fines that regulator’s issue under GDPR. Currently, GDPR allows penalties as large as 4 percent of a company’s annual revenue. According to Ireland’s data protection commissioner, Helen Dixon, “These data protection probes are centered on the activities of very big internet companies with tens and hundreds of millions of users.”
The first EU probe against Facebook was opened by Ireland following a security breach that compromised 50M accounts in October last year. This security breach has not only affected user’s Facebook accounts but also impacted other accounts linked to Facebook. This means that a hacker could have accessed any account of yours that you log into using Facebook.
That second probe was initiated by Dixon’s office in December when a photo API bug affected people who used Facebook Login and granted permission to third-party apps to access their photos. This bug gave outside developers broader access to users’ photos affecting up to 6.8 million users and up to 1,500 apps built by 876 developers.
Per Dixon, “Other breach notifications received in my office since May 25 are related to coding errors, which leads to posts being made public that should have been private, or in a major breach. No company seems to be immune from this.”
Dixon mentions that the deciding cases are not trivial “We’re at various concrete stages in all of them, but they’re all substantially advanced,” she said. “The soonest I am going to see an investigation report on my desk, which is when my role kicks in” The final decisions on these sanctions are likely to be made in June or July.
Last week, U.S. District Judge Vince Chhabria overruled Facebook’s argument that it cannot be sued for letting third parties access users’ private data because no “real world” harm has resulted from the conduct. Last month, Russia’s popular watchdog, Roskomnadzor said that it opened a civil case against Twitter and Facebook for failing to explain how they plan to comply with local data laws. At the same time, the Federal Trade Commission (FTC) officials also planned to impose a fine of over $22.5 billion on Facebook post a year of data breaches and revelations of illegal data sharing. A U.S. Senator also introduced a bill titled ‘American Data Dissemination (ADD) Act’ for creating federal standards of privacy protection for big companies like Facebook.
“Companies are lawyering up and we’re typically dealing with more litigators and lawyers on the side of any inquiry that we conduct,” Dixon said. “It does show the power that they have in terms of the size. But we have all the cards in terms of the powers to investigate, to compel and ultimately to conclude and make findings.”
Read Next
Apple revoked Facebook developer certificates due to misuse of Apple’s Enterprise Developer Program.
Stanford experiment results on how deactivating Facebook affects social welfare measures