Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland
Meta and its lead data protection regulator in the European Union are facing an interesting legal challenge over a major data-scraping breach and GDPR enforcement of it that led to a €265M penalty for Facebook last year.
The legal action, reported earlier by the Irish Examiner, is being brought by the digital rights group, Digital Rights Ireland (DRI) — which raised a complaint about the breach on behalf of two affected individuals and is unhappy about the finding by the Irish regulator that no security breach occurred.
So, essentially, the Irish regulator’s finding asserts that the Facebook data scraping breach occurred because of the design of Meta’s systems being insecure — yet, simultaneously, declines to find that users’ data was exposed because of a security vulnerability. Therefore it finds no infringement of the security of processing as defined by the GDPR — so no personal data breach, under the regulation and, consequently, no direct liability link to individuals for exposing their information and no need for the tech giant to consider whether it should inform affected users of a security breach.
Source: Facebook data-scraping breach triggers GDPR enforcement lawsuit in Ireland | TechCrunch