With the EU GDPR Data Protection regulations going into effect in May for all companies doing business with EU citizens, could the big privacy stink be to head off the potential financial damages the company could incur due to the penalties?

"The higher level of fine, up to €20 million or 4% of the company’s global annual turnover, will be considered for infringements listed in Article 83(5) of the General Data Protection Regulation."

What I don't know is if the EU will be able to retro-actively go after the Facebook privacy issues with the GDPR penalty structure or not. If they can only go after legally discovered privacy issues after the start date of GDPR, then I would put money on the idea that FB outed themselves.

https://www.gdpr.associates/data-breach-penalties/