In short: Facebook is facing a ten-figure fine from the European Union over the latest data breach that it estimates compromised some 50 million users on a global level. Ireland’s Data Protection Commission revealed that less than 10 percent of the affected users are EU citizens but confirmed earlier this week that it’s looking into the matter. In theory, the agency could fine the company up to four percent of its annual revenue over the transgression, as per the General Data Protection Regulation, which went into effect in late May.
Background: Facebook’s consolidated financial report for 2017 revealed a turnover north of $40 billion, meaning its theoretical fine may rise above $1.6 billion. The European Commission has been cracking down on problematic behavior from American companies for some time now, with Google so far bearing the bulk of the pressure as the company ended up breaking the record for the largest EU-issued antitrust fine on two occasions within a year. The GDPR is also related to that endeavor, though the legislation is primarily aimed at improving the digital privacy of all EU citizens, regardless of their online services of choice. Facebook actually tried to position itself as one of the largest GDPR supporters, having pledged to implement its basic principles into all of its privacy policies, even those affecting users from outside of the EU. Despite that pledge, the company moved to circumvent the rules as much as possible immediately following their introduction.
Impact: The EU’s track record with regulating Facebook suggests the maximum fine for the company’s latest data breach is unlikely. Regardless, the development marks one of the GDPR’s first major tests: despite being one of the strictest data privacy laws ever introduced in the West, the legislation’s effectiveness will depend on how aggressively it’s enforced.