Facebook really seems to have gotten itself into quite a mess after personal data of millions of users was leaked earlier this month. In the latest turn of events, the Irish Data Protection Commission, the lead data supervisor of the social media tech giant in the European Union has decided to open a full-fledged investigation to check whether the company violated any rules pertaining to data protection when it came to the leak. 

In a statement, the Commission has said that an own-volition enquiry pursuant has been launched under Section 110 of the Data Protection Act of 2018, after multiple media outlets reported that the personal data belonging to around 533 million Facebook users was put up on public display over the internet. In response to these reports, the Commission held discussions with the Ireland branch of the firm, and these discussions eventually led to the issue of adherence to the General Data Protection Regulation (GDPR) guidelines, which were adopted by the European Parliament in 2016.

Thorough scrutiny of the information provided by Facebook Inc. Ireland on the issue has led the Data Protection Commission to withhold the opinion that the company may have, in fact, violated one or more provisions of the GDPR guidelines, as pertaining to the personal data of users. As such, the investigation-cum-enquiry has been launched to assess whether Facebook Ireland complied with the provisions or not, especially when it came to the handling and processing of the information provided by users. The important features under scrutiny as of now are the Facebook Messenger Contact Importer, Instagram Contact Importer, and Facebook Search. The data watchdog has also added in its statement that it intends to check “whether any provision(s) of the GDPR and/or the Data Protection Act 2018 have been, and/or are being, infringed by Facebook in this respect.”

The issue of the data leak was already under scrutiny, and the Commission eventually stepped in so as to build pressure onto the Data Protection Commissioner. In a tweet made on Monday, Didier Reynders, Justice Commissioner, said, “The Commission continues to follow this case closely and is committed to supporting national authorities,” he added, going on to urge Facebook to “cooperate actively and swiftly to shed light on the identified issues”.

He also mentioned that he has held talks with Helen Dixon from the Commission regarding the matter, and he was reportedly informed about the “issues at stake”, as well as the “different tracks of work” which can be taken to solve the problem, according to a spokesperson for the Commission. The spokesperson also added, “They both urge Facebook to cooperate swiftly and to share the necessary information. It is crucial to shed light on this leak that has affected millions of European citizens,” and mentioned that while the case rests with the data protection authority of Ireland, the Commission is ready to provide any assistance needed. 

What comes as a shock is that even though the leak was allegedly caused by a security vulnerability that Facebook had witnessed back in 2019, and had since been fixed, the SNS mogul did not bother to inform its lead data supervisor (that is, the Data Protection Commission or DPC) of the vulnerability back when it first happened. Instead, the DPC too, had to find out about it the hard way, when news of the massive data leak made headlines.

In fact, Facebook still holds that it is not willing to notify the users whose data has been breached, since it itself does not feel “confident” about possessing adequate information about the people affected. Nevertheless, the company might be expected to face a fine that is up to 4 percent of the humongous global revenue equaling 86 billion dollars.