Facebook’s lead regulator in the European Union, the Irish Data Protection Commissioner (DPC), on Friday began an investigation into a number of breach notifications received from the social networking site.
“The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR (General Data Protection Regulation) on May 25, 2018,” a spokesman for the commissioner said in a statement, referencing Europe’s new privacy regulations.
“With reference to these data breaches…we have this week commenced a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR.”
Facebook said on Friday it had fixed a bug that may have exposed the private photos of up to 6.8 million users, the latest in a string of glitches that have caused regulators around the world to investigate its practices.
Although this doesn’t mean the photos were actually seen by anyone, the revelation of the bug offers another reminder of just how much data Facebook has on its 2.27 billion users and how often these sorts of slipups happen.
In a blog post, the company said the bug affected 6.8 million people who granted permission for third-party apps to access the photos. Facebook said the users’ photos may have been exposed for 12 days in September and that the bug was fixed.
Generally, when people give apps access to their photos, it means only photos posted on their Facebook page. Facebook says the bug potentially gave developers access to other photos, such as those shared on Marketplace or on Facebook Stories. The bug also affected photos that people uploaded to Facebook but chose not to post or could not post for technical reasons.