DUBLIN (Reuters) -Ireland's Data Protection Commission (DPC) said on Wednesday it had launched an inquiry into Facebook Inc, after a dataset reported to contain personal data relating to some 533 million Facebook users worldwide had been made public.
Facebook said in a blog post last week that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for synching contacts.
The DPC said that having considered information provided by Facebook, it is of the opinion that one or more provisions of the EU's General Data Protection Regulation's (GDPR) and/or the Data Protection Act 2018 "may have been, and/or are being, infringed in relation to Facebook Users' personal data."
A spokeswoman for Facebook did not immediately comment on the investigation.
The Irish DPC is the European Union's lead regulator of Facebook, Apple, Google and other technology giants under the GDPR's "One Stop Shop" regime, due to the location of their EU headquarters in the country.
The regulator said last week that previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website, which at the time Facebook said occurred between June 2017 and April 2018, before the GDPR rules came in.
It also said last week that the newly published data leak seemed to comprise the original 2018 dataset combined with additional records, which may be from a later period.
The DPC had more than 27 major inquiries into U.S technology firms open at the end of last year, 14 of which are into Facebook and its WhatsApp and Instagram subsidiaries.
(Reporting by Padraic Halpin in Dublin and Munsif Vengattil in Bengaluru; Editing by Aditya Soni)