The Data Protection Commission has today launched an “own volition inquiry” into Facebook following reports of a massive data leak. Last week, it emerged that there had been a leak of personal data belonging to approximately 533 million Facebook users worldwide. Within this group were over one million Irish social media users.
In response, the social media giant believed “the information in the data-set released this weekend was publicly available and scraped prior to changes made to the platform in 2018 and 2019” and had not reported anything to the DPC. Following a short period of consideration, the DPC today confirmed that “having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data”.
Own volition means the DPC may not have necessarily received an official complaint or has received a complaint and is first looking at the situation more broadly, as is the case with my own complaint against the Church’s handling of data under GDPR.
The ultimate goal of this action by the DPC is to determine whether or not Facebook Ireland “complied with its obligations, as data controller, in connection with the processing of personal data of its users” on any Facebook platform, including Instagram and whether or not the platform has not met the requirements of GDPR.