Facebook faces mass legal action over data leak

Facebook users whose data was compromised by a massive data leak are being urged to take legal action against the tech giant.

About 530 million people had some personal information leaked, including, in some cases, phone numbers.

A digital privacy group is preparing to take a case to the Irish courts on behalf of EU citizens affected.

Facebook denies wrongdoing, saying the data was “scraped” from publicly available information on the site.

• Sinn Féin ‘questioned over Facebook data use’
• Facebook urged to end Instagram for children idea

Antoin Ó Lachtnain, director of Digital Rights Ireland (DRI), warned other tech giants its move could be the beginning of a domino effect.

“This will be the first mass action of its kind but we’re sure it won’t be the last,” he said.

“The scale of this breach, and the depth of personal information compromised, is gob-smacking.”

He added: “The laws are there to protect consumers and their personal data and it’s time these technology giants wake up to the reality that protection of personal data must be taken seriously.”

• Was your number leaked in Facebook data breach?
• Facebook faces investigation over data breach

DRI claims Facebook failed to protect user data and notify those who had been affected.

The data leak was first discovered and fixed in 2019, but was recently made easily available online for free.

DRI said individual users who take part in the legal action could be offered compensation of up to €12,000 (£10,445) if it is successful – based on what it says are similar cases in other countries.

‘Domino effect’

“If successful this could well set a precedent and open the door to further class action down the line,” Ray Walsh, a digital privacy expert at ProPrivacy, told the BBC.

“Big Tech might then find that being made to compensate individual users is a strong reminder to work harder on privacy compliance,” he added.

On Thursday, the Irish Data Protection Commission announced its decision to launch an investigation into the leak.

It will assess whether any parts of the GDPR or Data Protection Act 2018 were infringed by Facebook.

In a statement about that inquiry, Facebook said it “relates to features that make it easier for people to find and connect with friends on our services”.

It added: “These features are common to many apps and we look forward to explaining them and the protections we have put in place.”

If found to be in breach, the social media giant could face fines of up to 4% of its turnover.

Facebook declined to comment on the DRI’s legal case.