The Office of the Data Protection Commissioner has warned that the number of Irish and EU-wide users of Facebook that will have had data "harvested" by apps will be very high.

Facebook is currently trawling its records to see if there is any evidence of suspicious activity in relation to any other apps that had less restricted access to Facebook at the same time as "thisisyourdigitallife".

As a result, the ODPC says it may have further concerns in relation to potential abuses as the situation evolves.

There are 1.6 million active apps on the Facebook platform.

The ODPC says it is still unclear whether scraping of data by third party apps has posed actual harms or risks.

Helen Dixon's office has been engaging with Facebook around these issues for some time in an effort to protect users and continues to do so.

Measures being implemented include holding Facebook to account for statements it has publicly committed to in relation to cleaning up its app platform and implementing further restrictions and oversight of app developers.

It is also demanding an urgent analysis from Facebook of any identifiable risks or harm to users arising from the issues on its app developer platform or the bulk scraping of accounts.

The ODPC is also demanding much higher standards of transparency and communication with users, particularly in relation to what the recent controversy means for them.

It has also asked the social network to send each data protection authority in the EU details of the number of users in their jurisdictions potentially affected by the Cambridge Analytica affair.

In addition, ahead of the arrival of the EU's new data protection rules in May, the data regulator says it has overseen a new "user engagement flow" that Facebook intends to roll-out.

So far the ODPC says it has had Facebook's full cooperation with the issues, but it also says it has powers to issue Information or Enforcement Notices if necessary.

The Data Protection Commissioner has also said Facebook needs to be fully transparent about the extent to which users' data has been misused.

Helen Dixon said her office is actively supervising Facebook's progress in "cleaning up its act and ensuring users' data is protected".


It comes as the social network has said that up to 45,000 Facebook users in Ireland may have had some personal information improperly shared with Cambridge Analytica.

Last night, Facebook revealed that the personal information of 87 million users globally may have been gathered by a third-party app and sent to the controversial UK political consultancy firm.

That is considerably more than the 50 million users previously thought to have been affected.

The company also told RTÉ News that while just 15 people in Ireland had downloaded the controversial thisisyourdigitallife app, up to 44,687 users here may have been friends with someone who installed it, and therefore might also have been affected by the data scraping.

The total figure also includes more than one million users from the UK with the majority of those potentially affected based in the United States.

The news came as Facebook announced further restrictions to stop third party app developers accessing user data on the platform.

Five years ago, a University of Cambridge professor created the thisisyourdigitallife app, which purported to be a personality test, but actually gathered personal information from Facebook users and their friends.

Two weeks ago, Christopher Wylie, who used to work for Cambridge Analytica, revealed data for up to 50 million users was harvested by the app and improperly transferred to Cambridge Analytica.

It is claimed Cambridge Analytica then used the data to target wavering voters in the 2016 US Presidential election and convince them to vote for Donald Trump.

Speaking to reporters last night, company founder and boss Mark Zuckerberg admitted again that he had made mistakes, but said he remains the best person to lead the company.


Read more
What is Cambridge Analytica?

An Irish Cambridge Analytica? Not if we get our ethics in order


In a rare conference call with journalists, the tech giant's founder and CEO admitted that it "didn't do enough" to protect its users and promised that the company was now committed to taking more responsibility for keeping people's data safe.

"We didn't take a broad enough view of what our responsibility is. That was a huge mistake. It was my mistake," he said at the start of the call.

Asked by a journalist if he still thought he was the best person to lead Facebook forward, Mr Zuckerberg said "yes", adding: "I think life is about learning from your mistakes and working out what you need to do to move forward."

"When you're building something like Facebook that is unprecedented in the world there are going to be things you mess up." 

After another reporter asked if the board had discussed whether he should step down as chairman in the wake of the company's recent drop in stock price, he said: "Not that I'm aware of."

Mr Zuckerberg said that the 87 million figure was "the maximum number" thought possible, and admitted "we don't actually know" the true total that were affected.

Previous estimates had suggested 50 million users were at risk, but as Mr Zuckerberg spoke, Cambridge Analytica claimed on Twitter that "no more than 30 million" individuals saw their data accessed.

The company also tweeted: "When Facebook contacted us to let us know the data had been improperly obtained, we immediately deleted the raw data from our file server, and began the process of searching for and removing any of its derivatives in our system."

Asked about those tweets and whether he would consider taking legal action against any companies that illicitly accessed user data, Mr Zuckerberg said Facebook would allow the UK's Information Commissioner to investigate first but would "take legal action if we need to do that to protect people's information".

In yesterday's blog post, which outlined a number of proposed changes to Facebook's terms of service in the wake of the privacy row, the company explained that it had disabled a feature that had previously allowed people to search for users by their mobile number or email address, if they chose to allow it in their settings.

Chief technology officer Mike Shroepfer, who wrote the update, said this was because "malicious actors" had "abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery".

On the call, Mr Zuckerberg was asked about this and said: "I would assume if you had that setting turned on that someone at some point has access to your public information in some way."

Additional reporting PA