Legal updates and opinions
News / News
“So the wolf showed his teeth” – not again Facebook!
by Ahmore Burger-Smidt, Head of Data Privacy Practice
“Little pigs! Little pigs! Let me in! Let me in!”
“No! No! No! Not by the hairs on our chinny chin chin!”
“Then I’ll huff and I’ll puff and I’ll blow your house down.”
In The Three Little Pigs, the conflict centres around the fact that the big bad wolf wants to get inside the pigs’ homes to eat them. Facebook faces a “wolf” that is doing his best to get it to allow him access to its users’ information and this persistence, may very well blow the Facebook house down.
Facebook, already facing scrutiny over how it handled personal information of its users, just during the Cambridge Analytica saga earlier this year, disclosed that a further attack on its computer network had exposed the personal information of millions of users.
This breach is reportedly the largest in the company’s 14 year history.
The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them. The attackers allegedly exploited two bugs in the site’s “View As” feature, which allows users to check what information other people can see about them. Ironically, this feature was built to give users more control over their privacy. The hackers allegedly also attempted to harvest users’ personal information, such as their names, sex and hometown from Facebook’s systems.
Facebook’s European subsidiary is headquartered in Ireland and the Irish Data Protection Commission is the data watchdog that regulates Facebook. The Facebook data breach will be the first major test of Europe’s tough data protection laws, the General Data Protection Regulation (“GDPR“).[1] The GDPR regulates how companies handle the data of European citizens and governs how that information is stored and used.
The GDPR to a large extent, deals with data breaches as well as the penalties for companies who fail to notify regulators about a data breach within 72 hours of it occurring. Firms can also be fined if it is found that they do not have adequate measures in place to prevent a data breach or have acted contrary to any of the principles of processing information as set out in GDPR.
If it is found that Facebook breached the GDPR, the maximum fine that Facebook could potentially face is 4% of its annual global turnover. It is estimated that the social network’s 2017 revenue is over $40.65 billion and the potential fine could amount to approximately $1.63 billion.
The primary moral lesson that Facebook can learn from “The Three Little Pigs” is that hard work and dedication pay off. While the first two pigs built their houses quickly and spent their free time playing, the third pig laboured in the construction of his house of bricks – data security in terms of POPIA[2] and a data breach plan cannot be ignored!
Facebook has been reshuffling its security teams since its chief security officer left its employ in August. Instead of acting as a stand-alone group, security team members have been working closely with product teams across the company. This move, the company said, is an effort to embed security across every step of Facebook’s product development.
Still, the recently discovered breach is a reminder that it is exceptionally difficult to entirely secure a system that connects with thousands of third-party services and has more than 2.2 billion users globally.
The Three little pigs lived happily ever after.
[1] General Data Protection Regulations (EU) 2016/679.
[2] Act 4 of 2013.
Latest News
Franchisors Beware! The Competition Commission may come knocking soon
by Paul Coetser, Director and Head of Competition and Kwanele Diniso, Associate The franchising industry has long been a bone [...]
Mind the Conduct: A Guide to COFI – Part 6: COFI – What Really Changes?
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of [...]
Remuneration governance under the amended Companies Act: A closer look at some of the key questions
by Kevin Trudgeon, Director and Helena Stoop, Senior Knowledge Lawyer 1. Introduction On 22 May 2026, a proclamation by President [...]
Does the Public Procurement Act provide for an effective dispute resolution mechanism?
by Sarah Moerane, Director and Koketso Rapoo, Senior Associate The National Treasury published the draft General Public Procurement Regulations and [...]
The shift in the evaluation criteria in South African public procurement
By Sarah Moerane, Director and Amogelang Magano, Senior Associate South Africa is in the midst of what could prove to [...]
Mind the Conduct: A Guide to COFI – Part 5: Governance and Accountability
by Hilah Laskov, Director Introduction In this article series, we take a deep dive into the South African Conduct of [...]
