Irish DPC comments on Facebook’s latest privacy breach
The Irish Data Protection Commissioner (DPC) has released a statement following the breach of the records of 533 million Facebook users. The DPC stated that previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. The newly published dataset seems to comprise the original 2018 (pre GDPR) dataset and combined with additional records, which may be from a later period. Because this particular scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR. The DPC attempted over the weekend to establish the full facts and is continuing to do so. It received no proactive communication from Facebook.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.