Yahoo! is set to get a spanking under European Union data protection laws for the biggest of the many megabreaches it copped to last year.
The Irish data protection commissioner has stated that a probe by the office into Yahoo!'s megabreach of 2014 – the one in which more than a billion user accounts were affected – has almost concluded. When it does, it will recognise the European unit's culpability for the incident and, as such, will apply "remedial action", likely to be a monetary penalty.
According to Bloomberg, which interviewed the Irish DPC herself, Helen Dixon, Yahoo! said it "has been co-operating with the Commissioner's Office on its investigation and will closely review the findings when available".
Dixon said her office was "of the view that [the breach] could have been detected sooner and the risks mitigated sooner" before adding that the probe was "at the point of concluding" and the office will "impose remedial action where the findings need us to do that".
Of course, whatever those findings are, from May next year the pain that comes with that remedial action could be much more severe. Under the EU's new General Data Protection Regulation, companies found in breach of European privacy laws could face fines as significant as 4 per cent of their global annual turnover.
For companies like Facebook and Apple, this will mean dealing with Dixon, whose Irish office is the European lead on their compliance with EU data regulations.
Dixon was also quoted as stating that she wouldn't be shy of making full use of the new GDPR sanctions. "Clearly, talking about fines of 20 million or 4 per cent of global turnover, we could anticipate they're not going to be everyday type fines," she told Bloomberg. "But there are going to be cases where there simply are mass-scale breaches that have significant effects on millions of users. The only way to start driving a better compliance culture is to have those types of enforcement tools in our toolkit." ®