The Data Protection Commission, Ireland (“DPC”) in November, has imposed a fine of € 265 million on Facebook after an investigation triggered by reports that a “collated dataset” of user information for 533 million facebook accounts had been made available on web. The data included phone numbers,names, genders and Facebook Id’s of users.
While DPC found facebook guilty of violating several principles of GDPR , it denied any personal data breach within the meaning of Article 4(12) of GDPR . This means that facebook was not obliged to notify the victims individually of their personal data breach.
Digital Rights Ireland (“DRI”) is appealing this finding of DPC before the Circuit Court. As per DRI, DPC has “denied justice to victims by denying that it was personal data leak or data breach”.It contends that Personal data of about 100 million facebook users is still available on the internet which can be used to target the facebook users.