Moscow: Ireland’s Data Protection Commission, the national authority responsible for the protection of personal data, has announced that they are launching an inquiry into Facebook after being made aware of a dataset containing the personal data of some 533 million users from all around the world.
“The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet. This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide,” the commission’s press release on the matter read.
The DPC was established under Ireland’s Data Protection Act 2018, which tasked them with preventing, detecting, investigating, and prosecuting criminal violations of both Irish and EU data privacy laws.
In their statement, the commission cited section 110 of the act as their justification for launching an inquiry into Facebook. This section grants the DPC the authority to investigate past or ongoing violations of data privacy laws and regulations should they have reason to believe they exist.
The massive dataset is not new, having first emerged back in 2019 as a purchasable dataset for hackers. It includes users’ personal information such as names, phone numbers, emails, and birthdates. However, the DPC’s inquiry comes after the dataset re-emerged, freely available, on a hacking forum.
“The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data,” the release said.
Should Facebook be found guilty of any violations, they could face up to 20 million euros ($24 million) in fines under the EU’s General Data Protection Regulation laws.