
Facebook could be fined up to $1.63 billion for a massive breach which may have violated EU privacy laws

Rosie Perper


[Photo: Mark Zuckerberg. Credit: Reuters]

  • Facebook may be fined as much as $1.63 billion by an EU privacy watchdog for a recent data breach announced Friday that compromised the personal information of more than 50 million users.
  • The hack may have violated the EU's new privacy law called the General Data Protection Regulation, which would result in a hefty fine if EU citizens were affected.
  • Under the law, companies that don't sufficiently protect user data face maximum fines of €20 million ($23 million), or 4% of the company's global annual revenue from the prior year, depending on which sum is larger.
  • We know of at least two high-profile victims in the data breach: Facebook CEO Mark Zuckerberg, and COO Sheryl Sandberg.


Facebook may be fined as much as $1.63 billion by an EU privacy watchdog for a recent data breach announced Friday that compromised the personal information of more than 50 million users.

According to the Wall Street Journal, Ireland's Data Protection Commission, Facebook's lead regulator in Europe, said on Saturday it demanded more information about the nature and scope of the hack, which may have violated the EU's new privacy law called the General Data Protection Regulation.

The strict new regulation went into effect in May and aims to safeguard the personal data of individuals within the European Union. Under the law, companies that don't sufficiently protect user data face maximum fines of €20 million ($23 million) or 4% of the company's global annual revenue from the prior year, whichever sum is larger.

In Facebook's case, the maximum fine would be $1.63 billion, according to the Journal. The case would likely center on whether Facebook took appropriate steps to safeguard its user data before the breach, it added.

Companies are also required to notify regulators within 3 days of a potential breach, or face a maximum fine of 2% of their global revenue. Ireland's Data Protection Commission said Facebook notified it of the breach within that time frame, though the report "lacked detail," the Journal added.

But the occurrence of a security breach alone is not enough to warrant a fine, and the new privacy law's fines have yet to be tested. According to the Journal, EU regulators often decline to issue the maximum fine when a company has cooperated, in part or fully, with an investigation.

On Friday, the tech firm revealed it had detected a security breach in which attackers gained access to the personal information of around 50 million Facebook users.

The hackers also gained access to personal information held by third-party apps and services, such as Tinder, Spotify, Airbnb and Instagram, which allow users to sign up using their Facebook login.

It remains unclear who was behind the attack, and whether specific persons were targeted.

But we know of at least two high-profile victims of the data breach: Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg. A spokesperson confirmed to Business Insider that the company's two top executives had been affected.
