The investigation into the leak that revealed 533 million Facebook users in 106 countries of the European Union has been officially opened. Ireland’s Data Protection Committee (DPC), which previously requested information from the company, said it will investigate whether there has been a breach of the GDPR (General Data Protection Regulation).
In a statement, DPC said it had received clarifications after contacting Facebook. The agency considered it appropriate to ascertain whether the company fulfilled its obligations as a data controller. In addition to the GDPR, an investigation will look into whether there has been a breach of Ireland’s data protection law.
“The DPC, having looked at the information provided by Facebook on this matter thus far, understands that one or more provisions of the GPDR and / or the Data Protection Act 2018 may have been and / or are being violated in relation to the personal data details of Facebook users. .
Facebook said it was in contact with the regulator to explain the case. The company said to TechCrunch Who cooperates in investigating features that allow you to find friends on the social network by cell phone number. The company said: “These features are common to many applications and we are keen to explain them and the protection we have implemented.”
Understand data leakage on Facebook
According to Facebook, the data of 533 million users – 8 million in Brazil alone – was obtained through scraping (or scraping), which allows the information to be collected in an automated way. This technology was used in a resource that aims to search for friends by cell phone number.
The company discovered this practice and corrected the breach in September 2019. However, the data collected continued to circulate online. In January, a bot on Telegram began selling cell phone numbers at a cost of $ 20 per registration. The organizers only asked for clarifications in April, when the data was posted for free on online forums.
The data includes mobile phone number, Facebook ID, first and last name, and gender. In some records, it is also possible to find the current city, original city, relationship status, company, email, date of birth, and the date the information was collected.
The General Data Protection Act (GDPR), which inspired the creation of the LGPD (General Data Protection Act), went into effect in the European Union in May 2018. So, Facebook had to follow what the law required, such as notifying authorities of the leak. The company did not, and to add insult to injury, it indicated that it had no intention of notifying affected users of the incident.
Facebook leak under investigation on suspicion of GDPR violation
We also see: