Facebook has been hit with a £500,000 fine for the part it played in failing to protect user data during the Cambridge Analytica scandal.
Back in July, the Information Commissioner’s Office (ICO) issued a Notice of Intent to fine Facebook as part of an investigation into the use data for political purposes. The investigation found that, between 2007 and 2014, Facebook had been unfairly processing the personal information of users – and their friends – by allowing developers access to this information without any clear, informed consent.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better,” said Information Commissioner Elizabeth Denham.
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”
The fine levelled at Facebook is the maximum allowed under the old Data Protection Act 1998. The ICO was unable to seek a fine under the General Data Protection Regulation (GDPR) because the investigation was launch before its implementation. Under GDPR, the fine could’ve amounted to almost £500m.
“The ICO’s decision to issue Facebook with the maximum fine available to it under the Data Protection Act 1998 only goes to show the significance and impact to consumer privacy the regulator believes is involved in this case. In her comments, Elizabeth Denham also mentions that there are bigger questions to answer and that their investigation into the use of data analytics in political campaigns will continue. So, there may be more fines and penalties to come and the intent of the ICO is clear,” said Rachel Aldighieri, MD of the DMA.
“Under the new GDPR regulations, brought into UK law in May’s Data Protection Act 2018, the penalties available to the ICO could have been even more severe – 4 per cent of an organisation’s global annual turnover or €20m, whichever is higher. However, the potential impact of data breaches and privacy concerns like this go far beyond the monetary penalties, the long-term effects on customer trust, share price and public perception of breaking the law could be even more damaging in the long run.
“All businesses must be upfront and transparent about how they collect and use their customers’ data. The benefits of sharing data must also be clear and the consumers must be in control.”