An Irish regulator said it was investigating Facebook Inc following the company's disclosure that a bug may have exposed private photos of up to 6.8 million users, the latest in a series of Facebook privacy glitches.
The Irish Data Protection Commissioner (DPC), the lead regulator of Facebook in the European Union, said it was investigating to determine whether the company had complied with strict new EU privacy rules in its response to a number of breaches, including the one that exposed photos.
Facebook said in a statement that it was in close contact with the Irish regulator and happy to answer any questions. The investigation is the second opened by the DPC into Facebook since the new regulations took effect in May.
Facebook disclosed the photo glitch earlier, saying it allowed some 1,500 software apps to access private photos for 12 days ending Sept. 25.
"We're sorry this happened," Facebook said in a blog.
The European data law requires companies to report data breaches to authorities within 72 hours, giving regulators authority to impose fines of up to 4 percent of annual global revenue for infractions. Facebook said it would alert users whose photos may have been exposed.
The glitch could undermine Facebook’s efforts to assure users and regulators that it was making progress in bolstering security and privacy after a series of embarrassments, internet analysts said. They include the Cambridge Analytica scandal in which the British political consulting firm harvested data of at least 87 million Facebook users and sold it for political use and a security breach for nearly 30 million users.
"We already have a lot of evidence to reinforce the idea that Facebook is sloppy, prioritizing growth at the expense of other considerations," Brian Wieser, an analyst with Pivotal Research, said in an email.
New reports of bugs and breaches raise the likelihood that governments will add regulations on Facebook, said George Salmon, an analyst with Hargreaves Lansdown.
"Facebook is sensibly trying hard to regain the trust of its user base, but all that effort will be to no avail if stories like this keep emerging," Salmon said.
The bug affected users who give third-party applications permission to access their photos. Facebook typically only grants such apps access to photos shared on a user’s timeline, but the bug potentially gave developers access to other photos, including ones that were uploaded but not posted, and ones shared on Marketplace and Facebook Stories, the company said.