A security breach saw the personal details of more than 1,000 content moderators across 22 departments at Facebook made visible. A bug in the software, discovered late last year, revealed the personal profiles of content moderators in the activity logs of the Facebook groups when administrators were removed.
The content moderators removed individuals or groups who were found to be in breach of Facebook’s terms of service. They would review and remove any and all inappropriate content from Facebook, including sexual material, hate speech and terrorist propaganda.
40 of the 1,000 workers affected in the breach worked as part of the counter-terrorism unit based in Facebook’s European HQ in Dublin. Six of those affected were deemed to be “high priority” victims because Facebook realised their personal profiles were likely to be viewed by potential terrorists.
The Guardian spoke to one of the six individuals, who, did not wish to be named. The Iraqi-born Irish citizen was hired by Facebook because he spoke Arabic. He has since fled Ireland and gone into hiding, as it was realised that seven individuals associated with Hamas have viewed his personal profile.
Facebook has recently confirmed the security breach and said in a statement that it had made technical changes to “better detect and prevent these types of issues from occurring”.
This breach again highlights the importance of stringent data protection legislation. Unlike many breaches we hear about that result in financial loss for those affected, this breach has put the lives of those affected in potential danger.
The European General Data Protection Regulation (GDPR), which comes into effect in May 2018, will apply more stringent data protection laws to companies that process the personal data of EU residents. This case highlights why this new regulation is so important.
A GDPR compliance framework needs knowledge and competence. Take the first step towards implementing the GDPR in your business by attending our GDPR Foundation and Practitioner training.