Facebook ’s (FB) massive data breach, which raised the ire of at least one federal lawmaker last week, could cost the social-media giant as much as $1.63 billion in fines from regulators in Europe, where privacy laws are more stringent.
The company’s lead European privacy regulator, Ireland’s Data Protection Commission, wants more details about the scope of the breach, which exposed the data of at least 50 million user accounts, and the extent to which EU members were impacted.
“@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users,” the DPC said in a tweet on Sunday.
The DPC did not immediately respond to an emailed request for additional comment.
A Facebook spokeswoman said it is cooperating with the DPC.
Shares of Facebook are down 1.4% to $161.97 in early-afternoon trading
What European regulators decide as a course of action could offer a telling sign of what Facebook can expect with each successive privacy or security rupture, both abroad and at home.
Europe’s General Data Protection Regulation law, which went into effect in May, levies heavy fines–$23 million or 4% of world-wide revenue the previous year, whichever is higher–if it determines a company didn’t do enough to protect its customers’ data. Using the latter calculation, Facebook would be fined $1.63 billion.
Meanwhile, the company’s revenue is surging. Facebook, which saw revenue of $40.65 billion in 2017, saw revenue for the six months ended June 30 reach $25.2 billion–up 45% from the year-ago period.
In a conference call with reporters on Friday, Facebook CEO Mark Zuckerberg and company officials said the breach affected members who used the “View As” feature that lets them see how their Facebook profile looks to others, including non-friends. Zuckerberg has tried mightily to assure consumers and lawmakers that the site is doing everything in its power to protect personal information while tamping down on foreign meddling during elections. He deemed the latest security mishap part of an ongoing “arms race” with hackers.
But U.S. lawmakers are losing their patience. Sen. Mark Warner [D., Va.], vice chair of the Senate Intelligence Committee, whose latest lambasting of Facebook came Friday, declined to comment today about the potential fine.