Facebook leak becomes first big test for GDPR

The recent Facebook leak affects three million EU citizens, the Irish Data Protection Commission said last Tuesday. CEO Mark Zuckerberg's social network may face a fine of more than one billion dollars if the company does not meet GDPR's requirements.

Under the General Data Protection Regulation (GDPR), companies must report a data breach within 72 hours. The question is whether Facebook succeeded in doing so. The social network announced a week ago that the data of 29 million users had been captured in the leak; initially, 50 million users were thought to have been affected.

Within 72 hours

Stolen information includes names, dates of birth, workplaces and contact details such as e-mail addresses and telephone numbers. Under the GDPR rules, companies are obliged to report a data breach within 72 hours. Companies that do not comply with this will be fined a maximum of 4 percent of their worldwide annual turnover. Facebook earned more than 40.65 billion dollars last year, so the fine could amount to 1.63 billion dollars.

According to CNBC, this data leak is the first real test for the GDPR. Facebook announced on 28 September that there had been a data breach. At that time it was thought that 50 million accounts had been hacked, but that number was reduced to 30 million last Friday. In addition, the company confirmed that for 29 million users both names and contact details had been captured. For 14 million of these users, gender, relationship status and recently visited sites, among other things, were also captured in the hack.

European citizens affected

Facebook initially refused to share how many of the affected users were in the European Union. Later the company told the Irish Data Protection Commission that ten percent of the accounts were European. The question is whether that fact was shared in time. In any case, the data breach is now being investigated by the Irish commission.

Vera Jourova, European Commissioner for Justice, said earlier this month that there are strict rules for this type of company. There are also very strong tools for disciplining companies dealing with people’s personal data.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.