1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Facebook: Ireland opens privacy probe into data breach

April 14, 2021

Irish regulators are responsible for the investigation because the US tech giant has set up its European headquarters in Dublin. It will focus on reports that more than 500 million users saw their data leaked online.

Facebook CEO Mark Zuckerberg
Facebook CEO Mark Zuckerberg has faced queries from regulators worldwide about his firm's commitment to data privacy.Image: picture-alliance/AP Photo/M.C. Sanchez

Ireland's data regulator opened an investigation into Facebook on Wednesday over whether the social media giant breached EU privacy rules.

The country's Data Protection Commission (DPC) is looking into reports that some 533 million Facebook users worldwide were exposed on an online hacker forum. 

The breach affected people from more than 100 countries, and included names, Facebook IDs, phone numbers, locations, birthdates and email addresses.

Why is Ireland investigating?

Irish authorities are leading the inquiry because the US tech firm has its European headquarters in Dublin.

The DPC said in a statement that it was "of the opinion that one or more provisions" of EU or Irish law had been broken by Facebook, adding it had received "a number of responses" from the firm.

Facebook said it was "cooperating fully" with the regulator's inquiry, which it said "relates to features that make it easier for people to find and connect with friends on our services."

Facebook has faced questions about data privacy from regulators in recent yearsImage: Reuters/P. Wojazer

"These features are common to many apps and we look forward to explaining them and the protections we have put in place," a company spokesman said

Facebook last week published a blog post, seeking to downplay the row after the DPC first released a statement on April 6 saying it was aware of the breach.

EU to revolutionize how Big Tech works

02:02

This browser does not support the video element.

The tech giant said it was related to data scraped by hackers using its contact importer tool sometime before September 2019 and that the security loophole had since been fixed.

What has the EU done on data privacy?

EU governments brought in the bloc's General Data Protection Regulation (GDPR) which came into effect in 2018, granting social media users greater rights in relation to their data.

It is part of a wider drive to rein in the power of tech companies.

Companies who fall foul of the law can be hit with fines of either 20 million euros ($24 million) or up to 4% of their annual revenues, whichever is the greater amount.

Ireland’s DPC issued its first-ever GDPR penalty in December last year, hitting micro-blogging site Twitter with a fine of €450,000  (roughly $540,000).

It is also conducting probes into separate breaches by Facebook and its sister company, the photo-focused social media site Instagram.

Apple is another tech giant that has its European base in IrelandImage: picture-alliance/NurPhoto

The country has succeeded in attracting some of the world's biggest technology firms, such as Apple, to its shores owing to its 12.5% corporate tax rate. In France, it stands at 28%, while the German corporate tax rate is 30%.

jf/msh (AFP, AP)

Skip next section DW's Top Story

DW's Top Story

Skip next section More stories from DW