Facebook goes under formal EU privacy scrutiny after latest massive data breach

Facebook engineer working at the company’s HQ, Menlo Park, CA (Copyright: Facebook Inc., Source: Facebook Inc.’s website, newsroom)

Last week, the European Union announced that it had formally launched an investigation into a massive data breach that recently left millions of Facebook accounts vulnerable. The Irish Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said last Wednesday that it will look into whether the US social media giant is fully compliant with the General Data Protection Regulation, which entered into force earlier this year. The formal EU investigation focuses on the worst data breach in Facebook’s history, which was discovered by its engineers a couple of weeks ago and which gave hackers the ability to take over some 50 million users’ accounts. If Facebook is found in breach, the probe could cost it up to $1.63bn.

Background

On Tuesday September 24, Facebook engineers found a bug in the “View As” feature of the popular social network, which allows people to see what their own profile looks like to someone else. The bug reportedly allowed hackers to crack users’ accounts and access the information of nearly 50 million people, nearly 10 per cent of whom came from the EU. The Menlo Park, California-based company said it had immediately disabled the feature and then opened an internal review. The company subsequently announced that the bug was patched on Thursday. In parallel, more than 90 million users had to log out of their accounts as a result of the breach, something that has been described as an “additional precautionary measure” taken with potentially compromised accounts.

The EU’s investigation

Last week, the EU said it had commenced an investigation under section 110 of the Data Protection Act 2018 into the breach that was notified by the US company the week before. Facebook’s lead regulator in the European Union, the Irish Data Protection Commissioner (DPC), then announced last Wednesday that it was going to officially assess whether the social media giant is still compliant with the General Data Protection Regulation (GDPR) after the hacker attack that made the accounts of millions of users vulnerable. The Irish authority said it was formally going to determine whether Facebook had “appropriate technical and organizational measures” in place to protect its users’ personal data.

“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the Commission said in a statement last week. The Spanish Data Protection Agency has reportedly said it would collaborate with the DPC on the probe “to protect the rights of Spanish citizens.”

Facebook’s reaction

The DPC has also said that Facebook had informed the Commission that its internal investigation is “continuing” and that the company “continues to take remedial actions to mitigate the potential risks to users”. The day Facebook unveiled the hacker attack, Mark Zuckerberg, Facebook Inc.’s President and CEO, said: “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place”. Also, according to The Guardian, a Facebook spokesperson said: “We have been in close contact with the Irish Data Protection Commission since we have become aware of the security attack and will continue to cooperate with their investigation”.

Quite a year

The security breach is believed to be the largest in Facebook’s history, but it is not the only issue the US internet giant is facing. The company has been under increasing pressure – especially in the EU – for the past 12 months. One of the biggest news stories of the year concerned a data analytics firm once employed by the Trump campaign, Cambridge Analytica, which had improperly gained access to personal data from millions of Facebook users’ profiles. It was revealed that data belonging to as many as 87 million Facebook users may have been used to get President Donald Trump elected.

When the scandal exploded, Facebook CEO Zuckerberg had to appear at congressional hearings to give an account of Facebook’s privacy practices. The Facebook CEO admitted on September 28, when unveiling the massive data breach, that the company faces “constant attacks from people who want to take over accounts or steal information around the world”.

Under the Commission’s lens

Last week’s scandal also came only a couple of weeks after the EU commissioner in charge of consumer protection, Věra Jourová, warned Facebook Inc. that she had “run out of patience” with the social network for being too slow in updating its terms of service covering what happens to user data, and said that the company could face sanctions.

According to Bloomberg, Commissioner Jourová told reporters in Luxembourg late last week that the latest Facebook breach is the “first big test case” for GDPR. The EU Commissioner also tweeted last week that she had spoken on the phone with Helen Dixon from the DPC about the Facebook data breach, and that she welcomed her decision “to launch the investigation to examine if Facebook complies with GDPR”. “I offered my full support in getting to the bottom of this story”, Jourová also said.

GDPR’s frame

The penalty that Facebook may face for this latest, massive data breach could be very hefty. Under the new European GDPR privacy rules, which came into effect in May, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros, whichever is higher, as opposed to a few hundred thousand euros under the previous regulation. Facebook Inc. made over $40.65 billion in revenue last year, and so the total fine could amount to around $1.63 billion.
