Ireland's DPC is the lead regulator for the European Union because so many of the multinational tech giants have their European headquarters there.
In September, Facebook announced a problem in its "View As" feature that led to an attack on almost 30 million accounts. In December the company announced a software bug that exposed the photos of nearly seven million users to third-party apps without user consent.
Three of the potential GDPR violations are related to the September breach, which the company self-reported to the DPC, according to the report. Regulators are examining whether Facebook correctly handled notifying European authorities of the breach and user data.
Two probes are focused on WhatsApp, which is often considered the most secure of the platforms because of its end-to-end encryption. One is related to how it handles user privacy and how it shares information with Facebook outside of the app.
Twitter and Apple also face two probes each. LinkedIn, which is owned by Microsoft, faces one.
While one of the probes against Twitter comes after it self-reported a "large number of breaches," the company is also being investigated for how much access users have to their own data.
"We are fully committed to working with the Data Protection Commissioner's Office to improve the already strong data and privacy protections we offer to the people who use our services. As always, our approach is one of transparency and openness," a Twitter spokesperson said in an emailed statement.
Meanwhile, Apple is being investigated for transparency issues with regard to how it handles users' personal data and how it profiles users for targeted advertising.
LinkedIn is also being probed for profiling its users and targeted ads.
"We are fully cooperating with the Irish DPC, our lead regulator in the EU, with their work on a complaint regarding targeted advertising. We have notified the DPC that the complaint does not take account of changes we made to our platform to comply with GDPR. The privacy and trust of our members has always been core to our company values — and this continues under GDPR," LinkedIn's Denis Kelleher, head of privacy in Europe, Middle East and Africa, told ABC News in an email.
The company also responded to complaints about its Mentioned in the News feature, which was referenced elsewhere in the report as a case study, separate from the agency's list of open investigations. The feature notifies users' followers and connections when they are mentioned in the media. The company, which is owned by Microsoft, said it would disable that feature in Europe temporarily.
"We are pausing our Mentioned in the News feature for our EU members while we reevaluate its effectiveness. As referenced in the Irish Data Protection Commission’s report, we received useful feedback from our members about the feature and as a result are evaluating the accuracy and functionality of Mentioned in the News for all members," according to a statement on the company's website.
Facebook and Apple did not immediately respond to a request for comment.