EU Residents Urged to Join Legal Case Against Facebook Over Leaked Personal Data

Digital Rights Ireland (DRI) is urging Facebook users in the European Union (EU) to take action. 530 million Facebook users were victims of the recent massive data breach 🚰. Now, DRI asks them to join a legal case against the social media network. 

According to DRI, some 1.5 million Irish people are among those whose personal data—including names, phone numbers ☎️, and Facebook IDs—were compromised. In some cases, hackers accessed other information, including employers’ and spouses’ names, email addresses, and dates of birth. 

Here’s everything we know about Facebook’s latest data breach and what you can do if you’re impacted.

What We Know About the Facebook Data Leak 

According to news sources, the Facebook data leak was first uncovered two years ago. The data breach reportedly impacted half a billion Facebook users from 106 countries. Over 530 million Facebook users’ information appeared on the 🕵️ dark web. The data was purportedly difficult to find online until this month. 

The data breach is reportedly related to a vulnerability that Facebook patched in August 2019. Experts don’t know the exact data source, but they speculate that hackers misused legitimate functions in Facebook systems. Hackers mined ⛏️ the network for users’ personal information using automated data harvesting techniques.

The good news? It appears only a small proportion of the stolen data contained valid email addresses (an estimated 2.5 million records). This is a good thing because your data is not as valuable without your email address. Identity thieves usually require a combination of your name, date of birth, phone number, and email. 

EU Residents Encouraged to Sue

DRI doesn’t just claim that Facebook failed 🙅‍♀️ to protect its users’ data. It also says Facebook failed to notify the affected users and the Data Protection Commission. Notifying users and the Data Protection Commission—an independent authority responsible for upholding the data rights of EU citizens—is mandatory under the General Data Protection Regulation laws (GDPR).

“Forcing companies like Facebook to pay money to users whose privacy rights they’ve violated is the most effective way to really change the behavior of these big tech companies,” said DRI chairperson Dr. TJ McIntrye. “The prospect of class and mass actions is going to be a major impetus for the largest and most profitable of tech companies to become legally compliant and stop treating user data like a commodity.” 

Ireland doesn’t have class-action lawsuits like the U.S. The DRI’s legal case is a more general type of lawsuit that can represent many people in a single complaint. Any EU citizen who signs up for the DRI’s case could receive between 💵 €300 and €12,000. If you’d want to check on whether you are eligible, visit Facebookbreach.eu

The Data Protection Commission began its own inquiry into the leak. It soon announced that it is assessing whether any Facebook broke any GDPR laws. The social media network could face 🥺 more repercussions in the EU depending on the findings of the investigation

What About U.S. Users?

Facebook has faced several lawsuits for privacy violations in the U.S. over recent years. Just this February, Facebook paid out $650 million 💰 to users in the settlement of a privacy lawsuit. This one alleged that the company used photo face-tagging and other biometric data without their permission.

The social media company ostensibly violated Illinois’ Biometric Information Privacy Act (BIPA). BIPA allows consumers to sue companies that harvest biometric data without consent. Nearly 1.6 million Facebook users submitted claims for the class-action lawsuit settlement. 

The California-based company also allegedly failed to protect users’ personal data in the Cambridge Analytica breach. In that scandal, the data of 87 million people was reportedly used for advertising during the 2016 elections. This has resulted in more than 25 consolidated federal suits against Facebook.

According to court filings, some of the plaintiffs claim they found their personal info for sale 🛑 on the dark web, and others say they’ve endured phishing attempts. Oral arguments for the Cambridge Analytica case will take place later this month. 

The latest data breach reportedly affected more than 32 million users in the U.S. As of this writing, no formal lawsuits have been filed. However, attorneys are investigating the breach and a class-action lawsuit may be filed soon. If you were affected by a data breach, then you may be eligible to file a class-action lawsuit. Contact a social media attorney to learn more about your options