The Irish Data Protection Commission is to launch an investigation into a data leak during which the small print of many Facebook users was published online.
It had previously been looking into claims from Facebook that the info was old, from a previously reported leak in 2019.
But it now says that there could have been a breach of data laws.
Facebook said it was “cooperating fully”.
In a statement, the firm said the inquiry “relates to features that make it easier for people to find and connect with friends on our services”.
It added: “These features are common to several apps and that we anticipate explaining them and therefore the protections we’ve put in a situation.”
The Irish regulator may be a key one in such investigations as Facebook’s European headquarters are in Dublin.
‘Cause for Concern’
The dataset of 533 million people from 106 countries was published on a hacking forum earlier this month, although the info had initially been scraped from Facebook some years earlier.
The feature that was manipulated to access the info was changed in 2019 after Facebook became aware that it had been being abused.
Although not each piece of knowledge was available for each user, the massive scale of the leak was a cause for concern among privacy experts.
In a statement, the DPC said it had checked out the evidence and was “of the opinion that one or more provisions of the GDPR and/or the info Protection Act may are, and/or are being, infringed about Facebook users’ personal data”.
“Accordingly, the Commission considers it appropriate to work out whether Facebook Ireland has complied with its obligations, as data controller, about the processing of private data of its users.”
Firms found to be in breach of GDPR face fines of up to 4% of their annual global turnover.