An Irish rights organization is preparing to take Facebook to court for its failure to protect users’ data. The decision could also set a precedent.
In early April, it was revealed that the private data of more than 533 million Facebook users had been accessed through a public hacking forum. The information that has been removed includes phone numbers, full names, email addresses, dates of birth, and residence information.
As the data breach affects many European users, an Irish rights organization, Digital Rights Ireland (DRI), prepares to court on behalf of the EU citizens concerned. Dri director Antoin Ó Lachtnai said it was also a warning to other tech giants: it could be the first such mass action, but probably not the last, the BBC quoted him as saying. Facebook, meanwhile, argues that it made no mistake because hackers collected the information in the database from publicly available data.
According to Antoin Ó Lachtnai, the scale and magnitude of the data breach are very serious – not to mention that the laws protect users’ rights. Hence, tech giants need to take the protection of personal data seriously. According to the DRI, the social media site did not do so and did not inform those affected.
The data breach was detected in 2019 and patched, but the database it compiled was recently posted online. As a result, DRI believes that those involved in the lawsuit can receive damages up to EUR 12 000 (approximately HUF 4.3 million) per person.
Ray Walsh, a digital privacy expert at pro-privacy, said the lawsuit could set a precedent because if the court awards damages to users, a similar ruling could be given to other companies in the event of a future data breach. As a result, companies can also make greater efforts to protect user data.
If it is found that Facebook has not done enough to prevent data breaches, it may be penally imposed by the court on 4% of its annual financial turnover under the GDPR (The European Data Protection Regulation).