CASE STUDY

Facebook Faces Fresh Probe After Photo Leak

Tim Bradshaw in London

December $14,2018$

Facebook has been hit with the broadest data protection investigation yet in Europe after the social media group revealed another leak of private photos belonging to millions of people.

The Irish data protection commission said it had opened a new investigation into Facebook because of its high number of data breaches this year.

The social network said on Friday that it had discovered a problem with the way hundreds of third$-$party developers accessed photos using its app platform. The flaw leaked private photos that Facebook users had uploaded but not chosen to share publicly.

"Because of this bug, some third$-$party apps may have had access to a broader set of photos than usual for $12$ days between September $13$ to September $25,2018,"$ Facebook's engineering director Tomer Bar said. "Currently, we believe this may have affected up to $6\mathrm{.}8m$ users and up to $1,500$ apps built by $876$ developers."

The Irish data protection commissioner said in response to Facebook's revelation that it had opened an investigation into the Silicon Valley company's compliance with the EU's General Data Protection Regulation$-$not just on the latest leak but on the broad spread of privacy issues this year.

"The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May $25,2018,"$ a spokesperson said. "With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook's compliance with the relevant provisions of the GDPR$."$

Facebook has been left reeling from a series of privacy and security problems in the wake of the Cambridge Analytica scandal, which has prompted investigations from regulators in the US$,$ Europe and the UK$.$

In September, Facebook disclosed a cyber attack that it said could have exposed the personal information of tens of millions of its users.

Under GDPR$,$ companies must inform regulators of any data breach within $72$ hours of its discovery. Fines can run to as much as $4$ per cent of a company's global revenues for the prior year.

$72$ PART I $\text{'}$ THE GLOBAL MANAGER'S ENVIRONMENT

Facebook said it was "sorry" the latest photo breach had happened and would release a tool next week to help developers determine which users had been affected. $"$We will also notify the people potentially impacted by this bug via an alert on Facebook," it said.

Source: $(5)2018$ The Financial Times Limited $2018.$

Case Questions

$2-11.$ Who are Facebook's stakeholders? What are the social responsibilities of the company? To what level of CSR or CSV is the company adhering at the time of this case?

$2-12.$ No doubt, much will have transpired since the writing of this case regarding Facebook's privacy challenges. Research and compile an update. What other privacy issues have arisen in Europe, in the United States, and around the world? What has Mark Zuckerberg done about it to placate the public and preserve the brand?

$2-13.$ What is your personal opinion about the problems of privacy from using Facebook?

$2-14.$ What regulations or restrictions for Facebook have been put in place in Europe and the United States? Do you agree with them?