A technical glitch in Facebook's security exposed the data of 3 million users in Europe, where stringent privacy protection laws are in place and companies are penalized for violating the rules, to an unidentified hacker, an Irish official said.
The data of over 30 million Facebook users globally was exposed owing to the glitch, which gave the hackers access to the tokens, or keys, that unlock the information.
Facebook said that the hackers accessed private information of 14 million users worldwide, such as birth date, location, gender, check-ins, pages they followed, their last 15 searches and so forth.
Ireland Data Protection head Graham Doyle mentioned that among these 14 million users, 3 million belonged to Europe. Facebook's European headquarters is in Ireland, which places the company under the jurisdiction of the data protection agency in Ireland. Though the nature of the data exposed for the 3 million users was not yet known to the authorities, the matter was under investigation. Facebook has declined to provide further geographic details of those affected.
According to the latest data privacy law, which came into the picture in April, the data protection body is authorized to levy a penalty of up to 4% of a company's global revenue for a data breach. Facebook's net revenue was $40.7 billion last year. Therefore, it can face a maximum penalty of $1.6 billion.
The General Data Protection Regulation (GDPR) states that the penalty amount will be based on the nature, seriousness and duration of the infringement and the total number of people affected.
According to the law, companies that handle people's personal data, such as healthcare companies, tech firms and others, need to obtain the prior consent of their members in clear, plain language at the time of collecting the information. They should also give people the option to withdraw their consent at any later time. Furthermore, companies are required to implement adequate measures for data protection.