An EU privacy watchdog is investigating Facebook’s recent data breach. If investigators find Facebook violated Europe's new General Data Protection Regulation (GDPR), the company might face fines up to $1.63 billion, according to the Wall Street Journal.
.@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users. #dataprotection #GDPR #eudatap https://t.co/3oM3BSaSBS — Data Protection Commission Ireland (@DPCIreland) September 30, 2018
More than 50 million users were affected by the breach that was reported on Friday. Ireland's Data Protection Commission (DPC) is reportedly investigating the breach and has demanded more information from the Silicon Valley-based company in relation to the nature and scope of the hack.
GDPR yet to be tested
The General Data Protection Regulation is a set of stringent new privacy laws designed to protect the user data of individuals within the European Union. The law, which came into effect in May, states that companies that don't sufficiently protect user data can face maximum fines of €20 million ($23 million) or 4% of the company's global annual revenue from the prior year, whichever sum is larger.
In Facebook's case, the maximum sum would be approximately $1.63 billion. The commission’s case will try to ascertain whether Facebook did enough to protect its users' data prior to the breach.
The GDPR also requires companies to report any breach or potential breach to regulators within three days of the incident, or else face a maximum fine of 2% of their global revenue.
However, according to a Facebook transcript, the social network did at the very least notify the Irish organization on September 28th. The DPC acknowledged Facebook did inform them of the breach but said that the report lacked ‘detail’.
Facebook notified the Irish Data Protection Commission @DPCIreland as per the full press transcript here. Also more information about the attack extent. #FBReach #GDPR https://t.co/Ct9IqglExb pic.twitter.com/27uOFYcRSH — Lukasz Olejnik (@lukOlejnik) September 28, 2018
90 million Facebook users required to log back into accounts
Facebook said it has reset the access tokens for almost 50 million accounts that it knows were affected by the breach. In addition, Facebook says it has taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.
More than 90 million people will need to log back into their Facebook accounts. The “View As” feature has been temporarily suspended as Facebook's investigation into the hack continues.