Ireland’s Data Protection Commission (DPC) has announced a fresh investigation into Facebook, a day after the social networking giant admitted another security breach where nearly 6.8 million users risked their private photos being exposed to third-party apps.
Facebook, which is already facing a probe from the Irish watchdog for a previous privacy leak in September that affected 50 million people, may end up with fine of 4 per cent of its annual turnover – the highest fine under the new European General Data Protection Regulation (GDPR), The Independent reported on Saturday.
In Facebook’s case, the fine could amount to nearly 1.5 billion euros.
“The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018,” a spokesperson for the watchdog was quoted as saying.
The fresh move came after Facebook on Friday said more than 1,500 apps built by 876 developers may have also been affected by the bug that exposed users’ unshared photos during a 12-day-period from September 13 to 25.
Facebook, in a statement, said it has fixed the breach and will roll out next week “tools for app developers that will allow them to determine which people using their app might be impacted by this bug”.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers. The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorised to access their photos.
“We’re sorry this happened,” said Facebook, adding that it will also notify the people potentially impacted by this bug via an alert.
Earlier this month, Italian regulators fined Facebook 10 million euros for selling users’ data without informing them.
The competition watchdog handed Facebook two fines totalling 10 million euros, “also for discouraging users from trying to limit how the company shares their data”.
The Irish watchdog, which is Facebook’s lead privacy regulator in Europe, in October opened a formal investigation into a data breach which affected 50 million users.
“The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” said the DPC.
The world’s largest social media network has been grilled over the past year for its mishandling of user data, including its involvement in a privacy scandal in March when Cambridge Analytica, a British political consultancy firm, was accused of illegally accessing the data of more than 87 million Facebook users without their consent.
The private information of Facebook users was alleged to be used to influence the US 2016 general elections in favour of President Donald Trump’s campaign. (IANS)