As many of these users are in the European Union, the largest social network on the Internet risks a fine of up to € 1.4 billion, all under the RGPD.
The security flaw that Facebook made public last Friday has a far larger dimension than normal for several reasons. The first of these is in the high number of affected users who may have seen their data stolen.
Secondly, and in the light of the RGPD rules, this failure could lead to a fine of up to 2% of its overall revenue.
Some European countries have already started looking into the case and Ireland, where Facebook has its European headquarters, will have already required detailed information from Facebook.
In the case of the RGPD, very straightforward rules apply and oblige companies to report these failures and theft of data to the authorities within a maximum of 72 hours, under penalty of high fines.
In the case of this security breach, Facebook complied with the 72 hour rule, but the Irish regulator complains that the notification lacked details and important information about the problem.
One of the biggest concerns of the Irish regulator is the impact this failure can have on users. 50 million is a very high number for affected users and even today it is not known exactly what data was stolen and its volume.
The European Commission may want to make this case and Facebook an example and apply a historical fine, as has happened in other cases of violations of the rules defined.
If the regulator chooses to proceed, this case will not be forgotten and should not have a decision soon. Beyond the accusations, we have to wait for the defense of Facebook and its lawyers.