Ireland’s Data Protection Commission has opened an inquiry into Facebook following the discovery that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers.
In a brief statement on its website, the commission said that it has "commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR".
In March, Facebook said in a blog post that a security review carried out in January found passwords stored in a readable format on its data storage systems.
Canada’s Privacy Commissioner has also said that plans to take the social network to court over the 2018 Cambridge Analytica scandal.
"Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company," said Privacy Commissioner of Canada Daniel Therrien. "Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.
"The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning."
The news comes a day after Facebook said it had set aside $3 billion for a potential privacy fine linked to an ongoing investigation by the US FTC.
As reported by SC Media UK sister publication SC Media US, the fine would be largest ever levied by the FTC.
"In the first quarter of 2019, we recorded an accrual of $3 billion in connection with the ongoing inquiry of the FTC," according to a company statement. "This matter remains unresolved, and we estimate that the associated range of loss is between $3 billion and $5 billion."
Anjola Adeniyi, technical leader for EMEA at Securonix, told SC Media UK that Ireland has a strong role to play in ensuring the world of social media complies with GDPR regulations.
"Since Canada has already found Facebook to seriously contravene it’s privacy laws, one would expect the Irish regulator may find it violating GDPR as well. The password leak happened post-GDPR and identity theft is a potential risk so the Irish regulator is also investigating Facebook’s use of personal data," he said.