Facebook lost control of its data in a massive security breach that affected 5 million Europeans and over 50 million users across the globe, and this caught the attention of the European Union’s (EU) top data privacy enforcer.
“It is a question for the management if they have things under control,” Vera Jourova, EU Justice and Consumer Affairs Commissioner, said to the AFP in Luxembourg.
She stated that even though the company is enormous, it is still responsible for managing the data it holds. It needs to comply with the rules (GDPR) because it is harvesting the data (which brings it a lot of money by using the privacy of its users as a commodity).
She spoke just a couple of days after Facebook publicly announced the privacy breach.
“I will know more … in hours or days but according to our knowledge, five million Europeans have been affected out of those 50, which is an incredible number,” she said.
She also said that the effect of the new data protection rules, implemented earlier this year in the form of the General Data Protection Regulation (GDPR), could be felt and was demonstrated by Facebook’s quick announcement of the breach.
GDPR is being labelled “the biggest shake-up” of privacy regulations since the birth of the internet and has given European regulators a new sense of enforcement power.
According to her, one of the worst cases would be a huge company suffering a major breach and then failing to publicly tell its users about it. That is not the case in this Facebook instance.
Negligent companies that do not comply with GDPR, which includes notifying users of a data breach within 72 hours, can be fined up to 4 percent of their annual global turnover. Facebook has met this requirement, Jourova said, and this might theoretically be a factor in its receiving lower sanctions.