Facebook: Data Protection

(asked on 22nd March 2019) - View Source

Question to the Department for Digital, Culture, Media & Sport:

To ask the Secretary of State for Digital, Culture, Media and Sport, when he was notified of the Facebook data breach reported on 21 March 2019 where the passwords of up to 600 million users were made available to Facebook employees.


Answered by
Margot James Portrait
Margot James
This question was answered on 27th March 2019

We take the protection of personal data and the right to privacy extremely seriously. The Data Protection Act 2018 (DPA) made our data protection laws fit for the digital age and empowered people to take control of their data.

The DPA and General Data Protection Regulation (GDPR) introduced a duty on all organisations including social media companies to notify certain types of personal data breaches to the Information Commissioner's Office (ICO).

Under the GDPR, a company may designate one national regulator in the European Union as its “lead supervisory authority”, so that it does not have to deal with 28 separate regulators. In the case of Facebook, the Irish Data Protection authority takes that role and is therefore leading on this breach.

The ICO is working with its Irish counterpart to ensure that it fulfils its role to protect UK citizens data. This includes establishing the number of UK users affected.

Reticulating Splines