Facebook's CEO Mark Zuckerberg, arrives to meet France's President Emmanuel Macron after the "Tech for Good" Summit at the Elysee Palace in Paris, Wednesday, May 23, 2018.Associated Press/Francois Mori- Europe's default privacy regulator for Facebook will investigate whether Facebook broke the law after the social network hoovered up more than one million user email contacts without their consent.
- Ireland's data protection watchdog said on Thursday it will open a 'statutory inquiry' into whether Facebook broke Europe's strict privacy laws, the GDPR.
- Facebook has said the move was "unintentional" and that it is deleting the data.
Facebook is facing a multi-billion dollar fine for harvesting more than one million users' email contacts without their consent.
Ireland's Data Protection Commission (DPC), which is the default privacy regulator for Facebook in Europe, said on Thursday it had launched a "statutory inquiry" into the social network after it admitted collecting the data.
The news of a fresh investigation comes a day after Facebook announced that it would be setting aside $3 billion to cover the costs of a privacy investigation launched by the US regulators, during its first quarter 2019 earnings call.Business Insider was first to report on the news of the harvested email contacts in April, discovering a notification from Facebook that told people it was importing their email contacts in some circumstances without asking their permission.
Facebook said the issue had affected 1.5 million users and said at the time that the contact data was "unintentionally uploaded to Facebook," and that it planned to delete the information.
The DPC is investigating whether Facebook might have broken the law in Europe, specifically the GDPR, which came into force in May 2018.
Under these laws, any company that breaches data privacy could be fined up to €20 million or 4% of its global turnover, whichever amount is bigger. For Facebook, which pulled in over $55 billion in revenue in 2018 this would amount to a maximum fine of around $2.2 billion.
A spokesperson for Facebook did not immediately respond to Business Insider's request for comment.
In a statement previously sent to Business Insider, Facebook said that it planned to notify the 1.5 million users affected and delete their contacts from the company's systems."Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account," the spokesperson said in a statement.
"We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings."