Facebook agrees to pay £500,000 ICO fine

However, the social media giant has made no admission of liability

The Facebook logo photographed with rope laid over it as if to resemble imprisonment

Facebook has finally agreed to pay a 500,000 fine issued by the Information Commissioner's Office under the Data Protection Act 1998.

The two organisations came to an agreement to end respective appeals, but Facebook will not make any admission of liability in relation to the monetary penalty notice.

Following an investigation, the ICO fined Facebook under section 55A of the DPA 1998, accusing the social network of failings relating the Cambridge Analytica scandal. Facebook, however, appealed the fine arguing that there was "no evidence" that UK users' data was inappropriately shared with the third-party company.

In June, the First Tier Tribunal issued an interim decision, halting parts of the investigation and called on the ICO to disclose all materials relating to its decision-making process regarding the fine. The ICO appealed this in September, but had to wait for this agreement to continue its full investigation.

"The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine," said deputy commissioner James Dipple-Johnstone. "The ICO's main concern was that UK citizen data was exposed to a serious risk of harm.

"We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people's personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case."

Speaking on behave of Facebook, its director and associate general counsel, Harry Kinmonth said the company wish it had done more to investigate claims about Cambridge Analytica in 2015.

"The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan," he said. "However, we look forward to continuing to cooperate with the ICO's wider and ongoing investigation into the use of data analytics for political purposes."

22/11/2018: Facebook appeals 500k ICO fine over 'lack of evidence' that UK users were affected

Facebook has appealed a 500,000 fine levied by the UK's data watchdog, arguing that there is "no evidence" that UK users' data was inappropriately shared with Cambridge Analytica.

Information Commissioner Elizabeth Denham revealed last month that the ICO would be issuing Facebook the maximum fine allowed under the Data Protection Act 1998 after the discovery of "serious" breaches of data regulations, including a lack of oversight over how much access developers had to user data.

The Information Commissioner's Office (ICO) found Facebook improperly processed user data by giving third-party app developers access to profiles without consent.

Cambridge Analytica, the company at the heart of an international data-sharing scandal, illicitly harvested millions of users' details without their knowledge for use in political campaigning. Independent developer Dr Aleksander Kogan, also subject to the ICO investigation, is said to have harvested 87 million profiles and shared a significant portion of these with Cambridge Analytica's parent company SLC Group.

Regulators have independently ruled the now-defunct Cambridge Analytica misused users data for microtargeting in political campaigns, including the 2016 US presidential race, and the UK's 2017 EU referendum.

Facebook decided to appeal this decision on the final day of the 28-day limit organisations are given, citing a lack of evidence that data belonging to UK users was shared with Dr Kogan, or Cambridge Analytica.

"The ICO's investigation stemmed from concerns that UK citizens' data may have been impacted by Cambridge Analytica," said Facebook's VP and associate general counsel for EMEA Anna Benckert.

"Yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum.

"Therefore, the core of the ICO's argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal."

Benckert then likened the investigation against Facebook to chasing people down for forwarding an email or message without having agreement from each person in the original thread. She claimed this is done by millions of people every day across the internet.

"Any organisation issued with a monetary penalty notice by the Information Commissioner has the right to appeal the decision to the First-tier Tribunal. The progression of any appeal is a matter for the tribunal," an ICO spokesperson told IT Pro.

Organisations hit with a regulatory notice, whether a fine or otherwise, have a right to appeal the decision to an independent tribunal. Firms can say whether they prefer this to be decided remotely, or in-person.

At the most recent tribunal hearing concerning data protection, the ICO was ordered to reverse a 60,000 fine issued to STS Commercial Ltd. The data regulator issued the penalty in early July for violations of the DPA 2018 after the firm allegedly allowed its lines to be used to send spam texts.

No date has been set for Facebook's tribunal hearing, however, based on previous cases, it's likely it could be at least a few months before the appeal is considered.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020