The Data Protection Commission has launched a statutory inquiry into Facebook after it emerged the social network stored passwords in unencrypted format.
In March, it emerged that hundreds of millions of Facebook passwords were kept in plain text on the company's internal data storage systems.
Typically, passwords are stored in an encrypted format - meaning the passwords are masked so that nobody, even Facebook staff, can read them.
The process of 'hashing' and 'salting' passwords means encrypted ones can be kept and validated without being stored in plain text format.
However, a security review earlier this year found that passwords were being stored in a readable format by Facebook - in theory meaning they could be more easily accessed.
The company stressed there was no evidence the passwords had been "internally abused or improperly accessed".
Initial numbers revealed hundreds of millions of Facebook and Facebook Lite users were impacted, alongside tens of thousands of Instagram users.
Facebook - whose European headquarters is based in Dublin - later admitted the Instagram figure was too low, saying millions of passwords were impacted.
In a statement today, the Data Protection Commission confirmed it's investigating the issue.
The commission said: "We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR."
Last year, a separate statutory inquiry into Facebook was launched after the commission received a number of "breach notifications".
If a company is found in breach of GDPR rules by a statutory inquiry, the Data Protection Commission has 'corrective powers' such as issuing fines or a "temporary or definitive ban on processing or a suspension of international data transfers".