The Irish Data Protection Commission is to launch an investigation into data leak in which the details of hundreds of millions of Facebook users were published online.
It had previously been looking into claims from Facebook that the data was old, from a previously reported leak in 2019.
But it now says that there could have been a breach of data laws.
Facebook said it was “co-operating fully”.
In a statement, the firm said the inquiry “relates to features that make it easier for people to find and connect with friends on our services”.
“These features are common to many apps and we look forward to explaining them and the protections we have put in place.”
The Irish regulator is a key one in such investigations as Facebook’s European headquarters are in Dublin.
The dataset of 533 million people from 106 countries was published on a hacking forum earlier this month, although the data had initially been scraped from Facebook some years earlier.
The feature that was manipulated to access data was changed in 2019 after Facebook became aware of its abuse.
The DPC released a statement saying it had looked at the evidence and was “of the opinion that one or more provisions of the GDPR and/or the Data Protection Act may have been, and/or are being, infringed in relation to Facebook users’ personal data”.
“Accordingly, the commission considers it appropriate to determine whether Facebook Ireland has complied with its obligations, as data controller, in connection with the processing of personal data of its users.”
Firms found to be in breach of GDPR face fines of up to 4% of their annual global turnover.