DPC opens statutory inquiry into Facebook after bug exposes photos of 6.8 million users

Social media firm said bug gave third-party apps permission to access a user’s photos

Facebook said it believes the bug affected up to 1,500 apps built by 876 developers. Photograph: Elijah Nouvelage/Reuters

Facebook said it believes the bug affected up to 1,500 apps built by 876 developers. Photograph: Elijah Nouvelage/Reuters

 

The Data Protection Commission has opened a statutory inquiry into whether Facebook is compliant with European data protection law, it has confirmed.

The move follows Facebook’s announcement on Friday that it had discovered a bug that may have affected up to 6.8 million people who used Facebook login to grant permission to third-party apps to access photos.

The company said in a blog that the problem has been fixed but that it may have affected up to 1,500 apps built by 876 developers.

Facebook said some third-party apps may have gained access to broader set of photos than usual for 12 days between September 13th and September 25th.

The bug is the latest in a string of privacy problems the tech giant disclosed this year, including the massive Cambridge Analytica data scandal in April and a data breach of nearly 30 million accounts in October.

A spokesman for the commission said it had received “a number of breach notifications from Facebook since the introduction of the General Data Protection Regulation on May 25th, 2018”.

“With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR,” he said.

The statutory inquiry is separate to one that was opened by the commission following a massive data breach impacting about 50 million Facebook users in September. In total, the commission now has 16 statutory inquiries open into multinationals based in Ireland.

Of the bug in question, the social media firm said: “We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug.

“We will be working with those developers to delete the photos from impacted users.

“We will also notify the people potentially impacted by this bug via an alert on Facebook. The notification will direct them to a Help Center link where they’ll be able to see if they’ve used any apps that were affected by the bug.”

The social network recommended that users log into any apps, which they have previously given access to their photos, to check which images the app has access to. – PA