Taking the next step in its inquiry into a data breach of Meta’s Facebook platform, the Irish Data Protection Commission (DPC) has submitted a draft decision to other concerned supervisory authorities across the European Union (EU).
As outlined in Article 60 of the EU’s General Data Protection Regulation (GDPR), those authorities now have one month to review the draft decision and “raise any ‘relevant and reasoned objections’ that they may have,” the DPC said in a statement Monday (Oct. 3).
“The Inquiry was scoped to consider a number of features provided by [Meta Platforms Ireland Limited (MPIL)] and whether MPIL had complied with its obligations regarding data protection by design and by default,” DPC Deputy Commissioner Graham Doyle said in the statement. “The DPC submitted its draft decision to its colleagues last Friday, 30 September, for their views on it.”
A Meta spokesperson told PYMNTS in an email: “[Unauthorized] data scraping is unacceptable and against our rules. We have engaged closely with the Irish Data Protection Commission on this important issue and continue to invest in our systems to prevent scraping on our platform. We will continue to work with our peers on this industry challenge and await the final report.”
The DPC’s inquiry began in April 2021 following media reports that personal data of 533 million Facebook users worldwide had been made available on the internet, according to the statement.
As reported at the time of the breach, the personal data that was leaked included phone numbers, emails, Facebook IDs, full names, locations, birth dates and bios, and the users who were affected included 32 million in the United States, 11 million in the United Kingdom and 6 million in India.
Read more: Facebook Hack Revealed; Data on 533 Million Users Breached
In March, the DPC fined Meta €17 million (about $18.6 million at the time) for violating the EU’s privacy regulations by failing to prevent earlier data breaches on its Facebook platform.
See also: Meta Fined $18.6M Over Facebook Data Breach
This case dated back to 2018, when the DPC launched an investigation into a breach that impacted tens of millions of Facebook accounts and, for one thing, gave outside developers access to millions of user photos.
For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.