Facebook goes under formal EU privacy scrutiny after latest massive data breach

Facebook engineer working at the company’s HQ, Menlo Park, CA (Copyright: Facebook Inc., Source: Facebook Inc.’s website, newsroom)

Facebook engineer working at the company’s HQ, Menlo Park, CA (Copyright: Facebook Inc., Source: Facebook Inc.’s website, newsroom)

Last week, the European Union has announced it has formally launched an investigation into a massive data breach that has recently made vulnerable millions of Facebook accounts. The Irish Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said last Wednesday that it will look into whether the US social media giant is fully compliant with the General Data Protection Regulation, which entered into force earlier this year. The formal EU investigation focuses on the worst data breach in Facebook’s history, which was discovered by its engineers a couple of weeks ago, and that gave hackers the ability to take over some 50 million users’ accounts. If found guilty, the probe can cost Facebook up to $1.63bn.

Background

On Tuesday September 24, Facebook engineers found a bug in the “View As” feature of the popular social media, which allows people to see what their own profile looks like to someone else. The bug reportedly allowed hackers to crack the users’ accounts and access information of nearly 50 million people, of which nearly the 10 per cent was coming from the EU. The Menlo Park, California-based company said it had immediately disabled the feature to then open an internal verification. The company has then subsequently announced the bug was patched on Thursday. Parallelly, more than 90 million users had to log out of their accounts as a result of the breach, something that has been described as an “additional precautionary measure” taken with potentially comprised accounts.

The EU’s investigation

Last week, the EU said it had commenced an investigation under section 110 of the Data Protection Act 2018 into the breach that was notified by the US company the week before. Facebook’s lead regulator in the European Union, the Irish Data Protection Commissioner (DPC), then announced last Wednesday it was going to offically assess whether the social media giant is still compliant with General Data Protection Regulation (GDPR) after the hacker attack that made the accounts of millions of users vulnerable. The Irish authority said it was formally going to determine whether Facebook had “appropriate technical and organizational measures” in place to protect its users’ personal data.

“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the Commission said in a statement last week. The Spanish Data Protection Agency has reportedly said it would collaborate with the DPC on the probe “to protect the rights of Spanish citizens.”

Facebook’s reaction

The DPC has also said that Facebook had informed the Commission that their internal investigation is “continuing” and that the company “continues to take remedial actions to mitigate the potential risks to users”. The day Facebook unveiled the hacker attack, Mark Zuckerberg, Facebook Inc.’s President and CEO said: “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place”. Also, according to The Guardian, a Facebook spokesperson said: “We have been in close contact with the Irish Data Protection Commission since we have become aware of the security attack and will continue to cooperate with their investigation”.

Quite a year

The security breach is believed to be the largest in Facebook’s history, but it’s not the one and only issue the US internet giant is facing. The company has been under increasing pressure – especially in the EU – for the past 12 months. One of the biggest news of the year was indeed concerning a data analytics firm once employed by the Trump campaign, Cambridge Analytica, which had improperly gained access to personal data from millions of Facebook users’ profiles. It was revealed that that data belonging to as many as 87 million Facebook may have been used to get President Donald Trump elected.

When the scandal exploded, Facebook CEO Zuckerberg had to appear at congressional hearings to give proof of Facebook’s privacy practices. Facebook CEO admitted on September 28, when unveiling the massive data breach, that the company faces “constant attacks from people who want to take over accounts or steal information around the world”.

Under the Commission’s lens

Also, last week’s scandal came only a couple of weeks after the EU commissioner in charge of consumer protection, Věra Jourová, warned Facebook Inc. she had “run out of patience” with the social network after for being too slow in updating its terms of service covering what happens to user data and said that the company could face sanctions.

According to Bloomberg, Commissioner Jourová told reporters in Luxembourg late last week that the latest Facebook breach is the “first big test case” for GDPR. The EU Commissioner also twitted last week she had spoken on the phone with Helen Dixon from the DPC about the Facebook data breach, and that she welcome her decision “to launch the investigation to examine if Facebook complies with GDPR”. “I offered my full support in getting to the bottom of this story”, Jourová also said.

GDPR’s frame

The risk that Facebook may face for this latest, massive data breach could be very hefty. Under the new GDPR European privacy regulations which came into effect in May, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros, whichever is higher, as opposed to a few hundred thousand euros under previous regulation. Facebook Inc. has made over $40.65 billion last year in revenue, and so the total fine could amount to around $1.63 billion.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Top UN rights official urges transparent probe into Khashoggi disappearance

Neither side stands to benefit in US-China trade spat, UN says

Questions and Answers on issues about the digital copyright directive

EP President calls for emergency assistance to migrants stranded on Open Arms boat

Women’s rights face global pushback from conservativism, fundamentalism – UN experts warn

Team Europe: €34 billion disbursed so far to tackle COVID-19 in partner countries

Here’s why China’s trade deal with Mauritius matters

Data marketplaces can transform economies. Here’s how

Eurozone: Even good statistics mean deeper recession

Primary Care: a way to provide Palliative Care in Universal Health Coverage

To solve the climate crisis, we need an investment revolution

Creating shared value: an opportunity and challenge for entrepreneurship

Bulgaria: MEPs call for EU values to be fully and unconditionally respected

JADE President opens JADE Spring Meeting 2014

Being blinded by labels stops social change. Art helps us see a better future

As threats to IoT devices evolve, can security keep up?

Innovation and entrepreneurship can cut waste and deliver the circular economy

EU Budget 2020 conciliation talks suspended

Global immunization is having its annual check-up. What can we learn?

UN cooperation with League of Arab States ‘pivotal’, UN chief tells Security Council

EU Budget 2019 to focus on young people

Three experts on why eradicating plastic pollution will help achieve gender equality

Berlin wants to break South’s politico-economic standing

This is where teachers are most (and least) respected

Understanding the gender gap in the Global South

European Parliament approves new copyright rules for the internet

Chile ups foreign bribery enforcement but flawed case resolutions are insufficient to ensure transparency and accountability

India’s economy is an ‘elephant that is starting to run’, according to the IMF

What will Germany look like after the next election?

Half the world’s population is still offline. Here’s why that matters

As G7 calls time on coal, have you checked your supply chain?

Campaign kicks off with High-level Event on #FairInternships

Could 2021 be a turning point for forests and climate change?

New UN Syria envoy pledges to work ‘impartially and diligently’ towards peace

The sustainable fashion revolution is well underway. These 5 trends prove it

Arrest of three Libyans wanted for grave crimes ‘would send strong and necessary message’ to victims, urges top Prosecutor

Rule of Law mechanism applies without further delay as of 1 January, MEPs stress

Indonesia has a plan to deal with its plastic waste problem

Rise in violent conflict shows prevention ‘more necessary than ever’: UN chief

Yemen: ‘A great first step’ UN declares as aid team accesses grain silo which can feed millions

Using CO2 as an industrial feedstock could change the world. Here’s how

Protecting European consumers: toys and cars on top of the list of dangerous products

MEPs call for the protection of fundamental values in the EU and worldwide

The West and Russia accomplished the dismembering and the economic destruction of Ukraine

WHO chief underscores need to address climate change following visit to Bahamas

After the George Floyd protests, what next for racial justice in the US?

80,000 youngsters at risk in DRC after forcible expulsion from Angola: UNICEF

Don’t take African generosity towards refugees for granted, says UN refugee chief

Humanitarian action: New outlook for EU’s global aid delivery challenged by COVID-19

Food choices today, impact health of both ‘people and planet’ tomorrow

From DIY editing to matchmaking by DNA: how human genomics is changing society

How global tech can drive local healthcare innovation in China

Here’s why the tech sector could be the next target for Chinese investment in Africa

Is South Korea set to lose from its FTA with the EU?

Artificial Intelligence raises ethical, policy challenges – UN expert

The future of manufacturing is smart, secure and stable

European Semester Autumn Package: Bolstering inclusive and sustainable growth

Can the world take the risk of a new financial armageddon so that IMF doesn’t lose face towards Tsipras?

GSMA Mobile 360 – Africa: Rise of the Digital Citizen, Kigali 16 – 18 July 2019, in association with The European Sting

Universal Health Coverage will ‘drive progress’ on 2030 Development Agenda

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: