Facebook Facing Lawsuit Over Leaked Data

  • 18th May 2021
  • Michelle Pace
  • Cyber Crime
Facebook Facing Lawsuit Over Leaked Data

Facebook Facing Lawsuit Over Leaked Data

Facebook has hit the headlines yet again, this time with a threat of mass legal action from Digital Rights Ireland (DRI).

DRI has urged anyone in the European Union or European Economic Area affected by the data breach to contact them in a bid to launch a mass action lawsuit against the social media giant.

DRI chairman Dr TJ McIntyre has said -

“Forcing companies like Facebook to pay money to users whose privacy rights they’ve violated is the most effective way to really change the behaviour of these big tech companies. The prospect of class and mass actions is going to be a major impetus for the largest and most profitable of tech companies to become legally compliant and stop treating user data like a commodity”.

Facebook users affected by the data leak could be in line for compensation ranging from 300 Euros to as much as 12,000 Euros if the case is successful.

An estimated 530 million users have been affected by the data leak, which has seen personal data scraped from profiles, such as:

  • Names
  • Email addresses
  • Date of birth
  • Mobile phone numbers
  • Relationship status
  • Facebook IDs
  • Location
  • Biographies
  • Date of account creation

The breach was initially discovered over two years ago but the released information was difficult to find. Recently, the files have become readily available online having been published on a low-level hacker forum. Much of the leaked data was scraped from what was publicly available on user’s profiles, resonating with the LinkedIn data-scraping claims.

The leaked data originally was published during 2018 and 2019, and allegedly taken between June 2017 and April 2018. The timing of when the information was taken is important; if Facebook can prove that the data was taken before 25th May 2018, when the new GDPR laws came into effect, any likely regulatory action would be directed to the Data Protection Directive which devolves responsibility to member states.

Digital Rights Ireland state that Facebook has failed to “implement privacy by design and by default to protect user data” and continues to confirm that Facebook also failed to notify any affected individuals and also neglected to inform the Data Protection Commissioner. 

Due to Facebook having its European headquarters in Dublin, it has fallen to the Irish Data Protection Commissioner to ascertain whether the social media tech giant complied, or not, with data controller responsibilities when processing the data of its users.

A Facebook spokesperson told Hypebeast

“We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it. As LinkedIn and Clubhouse have shown, no company can completely eliminate scraping or prevent data sets like these from appearing. That’s why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge.” 

In December 2020, Twitter, another prominent social media platform, faced a 450,000 Euro sanction from the Data Protection Commissioner due to a data breach. Twitter actively disclosed the breach meaning that Facebook will likely face a higher penalty from the DPC due to non-disclosure and by claiming the data was old.

This case will be a first in Europe whereby lawful action is being taken against a tech company as DRI mounts its legal case.


Use your FraudWeb search that is a part of your free Notty account to see if any of your details are on the dark web.