Facebook’s 15th birthday celebrations have been somewhat marred by confirmation that the company is the subject of seven separate data protection investigations under GDPR by the Irish Data Protection Commission.
Although exact details of each probe have not been released, the first big test case is likely to be the investigation into the October security breach that affected as many as 50 million accounts worldwide; it has since been confirmed that up to 3 million people in the EU were affected.
In December, the regulator announced a second probe into several other breach notifications by Facebook. That investigation also looks at a breach caused by a software bug that gave outside developers broader access to the photos of millions of users.
Commissioner Helen Dixon said the investigations are among 16 cases targeting big tech companies including Twitter, Apple, LinkedIn, and also Facebook’s WhatsApp and Instagram.
Many of the breach notifications the DPC has received since May 25 are related to coding errors, Dixon said, which result in issues such as posts being made public that should have been private, or in a major breach. “No company seems to be immune from this,” she said.
However, Dixon added: “Companies are lawyering up and we’re typically dealing with more litigators and lawyers on the side of any inquiry that we conduct.
“We’re at various concrete stages in all [of our investigations] but they’re all substantially advanced,” she said. “The soonest I am going to see an investigation report on my desk, which is when my role kicks in [to make a final decision on sanctions] is likely to be June or July in the bigger cases.”
Related stories
Watchdog collars Facebook over messenger merger plan
3 million EU users hit by Facebook security breach