Context:
-
Facebook noticed an unusual spike in the number of times the platform’s ‘View As’ feature was being used. Subsequently, Facebook announced that it had identified this as a malicious activity in which the access tokens of 50 million users were appropriated by unknown hackers, and certain personal details possibly accessed.
-
Facebook was caught on the wrong foot earlier this year, when the Cambridge Analytica scandal broke.
-
The Cambridge Analytica episode revealed that data of up to 87 million users were harvested and used for political campaigning.
Action taken by Facebook:
-
Facebook has since said it has resolved the bugs.
-
Also, pursuant to these developments, Facebook is said to be working with the FBI on the issue.
-
Facebook has also informed the Irish Data Protection Commission, since the European Union’s strict new data protection law states that it has to be informed within 72 hours if anyone in the European Economic Area is affected.
-
The Commission has started a probe, and Facebook faces a fine that could go over a billion dollars.
EU’s General Data Protection Regulation (GDPR):
-
It was the European Union (EU)’s General Data Protection Regulation (GDPR), which came into force this May, 2018, that forced Facebook to go public with the breach so promptly, even before the full extent of the damage could be assessed.
-
The GDPR’s stringent guidelines require companies to make such events known within three days of their discovery.
-
Facebook faces a potential penalty of €20 million or 4% of its global revenue (whichever is higher) if the EU regulator investigating the data breach finds a GDPR violation in connection with the incident.
Way Forward:
An equitable regulatory regime such as the GDPR must become the universal norm, in force beyond the EU jurisdiction as well.