Facebook users whose data was compromised by a massive data leak are being urged to take legal action against the tech giant.
About 530 million people had some personal information leaked, including, in some cases, phone numbers.
A digital privacy group is preparing to take a case to the Irish courts on behalf of EU citizens affected.
Facebook denies wrongdoing, saying the data was “scraped” from publicly available information on the site.
Sinn Féin ‘questioned over Facebook data use’
Facebook urged to end Instagram for children idea
Antoin Ó Lachtnain, director of Digital Rights Ireland (DRI), warned other tech giants its move could be the beginning of a domino effect.
“This will be the first mass action of its kind but we’re sure it won’t be the last,” he said.
“The scale of this breach, and the depth of personal information compromised, is gob-smacking.”
He added: “The laws are there to protect consumers and their personal data and it’s time these technology giants wake up to the reality that protection of personal data must be taken seriously.”
Was your number leaked in Facebook data breach?
Facebook faces investigation over data breach
DRI claims Facebook failed to protect user data and notify those who had been affected.
The data leak was first discovered and fixed in 2019, but was recently made easily available online for free.
DRI said individual users who take part in the legal action could be offered compensation of up to €12,000 (£10,445) if it is successful – based on what it says are similar cases in other countries.
‘Domino effect’
“If successful this could well set a precedent and open the door to further class action down the line,” Ray Walsh, a digital privacy expert at ProPrivacy, told the BBC.
“Big Tech might then find that being made to compensate individual users is a strong reminder to work harder on privacy compliance,” he added.
On Thursday, the Irish Data Protection Commission announced its decision to launch an investigation into the leak.
It will assess whether any parts of the GDPR or Data Protection Act 2018 were infringed by Facebook.
If found to be in breach, the social media giant could face fines of up to 4% of its turnover.
Responding to DRI’s legal case, a Facebook spokesman said: “We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.”
He also pointed to other firms involved in similar recent leaks.
“As LinkedIn and Clubhouse have shown, no company can completely eliminate scraping or prevent data sets like these from appearing. That’s why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge,” he said.