Facebook founder Mark Zuckerberg could be set to pay a hefty €100,000 (£87,000, $137,800) fine after it was discovered that the social networking site was holding data that users had deleted.
Max Schrems, 24, an Austrian law student, asked Facebook for a copy of the data they had on him and was shocked when a CD from California was sent to him containing more than 1,200 pieces of information that he had purposefully deleted.
The CD contained status updates, pictures and conversations he had with his friends.
Zuckerberg looks to pay the maximum penalty, which would be a mere slither of his $17.5 billion fortune.
"I discovered Facebook had kept highly personal messages I had written and then deleted, which, were they to become public, could be highly damaging to my reputation," Schrems said.
"I'm not saying there was anything criminal or forbidden there, but let's just say that, as someone wanting to work in law, there was stuff which could make it pretty impossible for me to get a job.
"Information is power, and information about people is power over people. It's frightening that all this data is being held by Facebook.
"Of course, they are not misusing it at the moment, but the biggest concern is what happens when there is a privacy breach, either from hackers or from someone inside the firm?"
A Facebook spokesman said: "Facebook provided Mr. Schrems with all of the information required in response to his request.
"It included requests for information on a range of other things that are not personal information, including Facebook's proprietary fraud protection measures, and 'any other analytical procedure that Facebook runs'.
"This is clearly not personal data, and Irish data protection law rightly places some valuable and reasonable limits on the data that has to be provided."