Ireland's data protection watchdog is demanding answers from Facebook over the release of records on 533 million people that appeared to stem from the social media site, a spokesman said Tuesday.

A spokesman for Ireland's Data Protection Commission (DPC) -- which regulates Facebook in the EU -- said "a dataset, appearing to be sourced from Facebook, has appeared on a hacking website this weekend for free and contains records of 533 million individuals."

"A significant number of the users are EU users," he added.

The DPC said the data, which includes phone numbers and email addresses, appears to have been "scraped some time ago from Facebook public profiles."

"Scraping" refers to the generally automated process of harvesting and collating information from websites.

The DPC said similar datasets were previously shared in 2018 and 2019 sourced from a "vulnerability" in Facebook's "phone lookup functionality" which was fixed in April 2018.

Facebook did not notify the Irish regulator of the breach because it took place before the introduction of the EU-wide General Data Protection Regulation (GDPR) in May 2018.

The latest published dataset appears to be comprised of the 2018 release "combined with additional records, which may be from a later period," the DPC spokesman said.

Under GDPR social media users have more established data rights while regulators have been buttressed with greater punitive powers.

If the DPC opens an investigation into Facebook under GDPR and finds it in breach of the legislation, it has the power to impose a fine of four per cent of the firm's annual global turnover.

The DPC said it "received no proactive communication from Facebook" over the weekend.

The agency said Facebook has since told them the data breach "requires extensive investigation to establish its provenance".