Half a billion Facebook accounts leaked – Facebook has knowingly withheld this information from authorities for years
7.4.2021
Question for written answer E-001873/2021
to the Commission
Rule 138
Virginie Joron (ID)
In early April 2021, news broke of a data breach involving 533 million Facebook accounts[1]. Personal information is at stake, including telephone numbers, locations and some email addresses[2]. This breach could affect 20 million Facebook users in France[3].
According to reports, on Tuesday 6 April Facebook told the Irish Data Protection Commission that it chose not to notify the relevant authorities[4] of the breach, arguing that the breach took place before the EU’s General Data Protection Regulation came into effect.
- 1.Can the Commission explain whether or not Facebook is allowed to ‘choose not to notify’ the relevant authorities of a personal data breach?
- 2.Can the Commission shed some light on the measures available to hold companies such as Facebook accountable for consciously deciding to keep information on a data breach to themselves?
- 3.Now that this news has emerged, will the Commission take legal action against Facebook?
- [1] https://www.lemonde.fr/pixels/article/2021/04/05/cinq-questions-sur-la-fuite-de-donnees-concernant-plus-de-533-millions-de-comptes-facebook_6075616_4408996.html
- [2] https://edition.cnn.com/2021/04/06/tech/facebook-data-leaked-what-to-do/index.html
- [3] https://www.liberation.fr/economie/economie-numerique/facebook-les-donnees-de-533-millions-dutilisateurs-en-fuite-sur-le-web-20210406_FNRIQR4PXBF5BK6ALSEREIOPOY/
- [4] https://www.euractiv.com/section/data-protection/news/facebook-to-irish-data-body-533-million-user-breach-took-place-before-gdpr/
Last updated: 26 April 2021