Facebook may not face GDPR fine over data breach

Facebook could be fined as much as $1.63bn by a European Union privacy watchdog over a recently announced data breach in which hackers compromised the accounts of more than 50m of its users.

Ireland's Data Protection Commission (DPC), which is the social networking giant's lead privacy regulator in Europe, has demanded the company provide more information regarding the nature and scale of the breach as well as an estimate as to how many EU residents might have been affected.

Facebook's Chief Executive Mark Zuckerberg said that the social network is taking the breach very seriously and is currently trying to determine many details surrounding the scope and impact it had on its users.

The company's data breach is just one of many significant tests of how regulators will apply the breach-notification and data-security provisions of GDPR, which went into effect last year. The new European law may have already influenced how firms handle data breaches, as more companies are disclosing them faster and more publicly than they did in the past.

Regulators are still trying to determine whether Facebook invested enough in security to prevent a data breach from taking place. Under GDPR, companies are required to notify regulators of a data breach within 72 hours or face a maximum fine equal to two per cent of their world-wide revenue.

Facebook apparently did notify Ireland's DPC within the 72-hour time limit, so regulators will now determine whether the social network did enough on its part to prevent a breach from taking place.

We are still in the early days when it comes to Facebook's recent data breach, and over the coming weeks and months we will likely learn whether the steps it took were enough to prevent a breach in the eyes of EU regulators.
