Fri, Oct 05, 2018 - Page 7 News List

Irish data watchdog to probe Facebook data breach

MITIGATING FACTORS:The responsible European commissioner said the company was unlikely to face a 1.4bn euro penalty, as it notified authorities within 72 hours, as required


The Irish Data Protection Commission (DPC) on Wednesday launched an investigation into Facebook, bringing stringent new European privacy laws to bear on the tech titan after a security breach exposed 50 million accounts.

The move comes after the social media firm admitted to the data breach in a blog post on Friday last week, saying that attackers exploited a vulnerability in the Web site’s code last month in a way that could have given them access to people’s accounts.

“The Irish Data Protection Commission has today, 3 October 2018, commenced an investigation... into the Facebook data breach,” a DPC spokesman said in a statement.

“In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes,” the spokesman said.

The Irish probe has been touted as the first major test of the reformed European regulation that came into effect in May. The GDPR gives regulators sweeping powers to sanction organizations that fail to adhere to heightened standards of security when processing personal data.

Firms can be fined up to 4 percent of their annual global turnover if they fail to abide by the rules — meaning that Facebook faces a theoretical fine of 1.4 billion euros (US$1.61 billion), based on its revenue last year of 35.2 billion euros.

However, on Tuesday, European Commissioner for Justice, Consumers and Gender Equality Vera Jourova said that the social media giant is unlikely to face the maximum penalty because it adhered to rules requiring notification of the data breach within 72 hours.

This “is one of the factors which might result in lower sanctions,” Jourova told reporters in Luxembourg. “But this is only theoretical.”

“We have been in close contact with the Irish Data Protection Commission since we have become aware of the security attack and will continue to cooperate with their investigation,” Facebook said in a statement.

In its post on Friday last week, Facebook said that the data breach happened on Tuesday last week.

“This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” Facebook vice president of product management Guy Rosen wrote. “We have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.”

On Monday, the DPC said its staff believed that of the total profiles potentially impacted, less than 10 percent were EU accounts.

Facebook — which has its international headquarters in Ireland — is already suffering from a tainted reputation on data security following the Cambridge Analytica scandal.

In that case, tens of millions of users had their personal data hijacked by the political firm, which worked for then-US presidential candidate Donald Trump in 2016.

This story has been viewed 1643 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top