Facebook agrees to pay £500,000 ICO fine

However, the social media giant has made no admission of liability

The Facebook logo photographed with rope laid over it as if to resemble imprisonment

Facebook has finally agreed to pay a 500,000 fine issued by the Information Commissioner's Office under the Data Protection Act 1998.

The two organisations came to an agreement to end respective appeals, but Facebook will not make any admission of liability in relation to the monetary penalty notice.

Following an investigation, the ICO fined Facebook under section 55A of the DPA 1998, accusing the social network of failings relating the Cambridge Analytica scandal. Facebook, however, appealed the fine arguing that there was "no evidence" that UK users' data was inappropriately shared with the third-party company.

In June, the First Tier Tribunal issued an interim decision, halting parts of the investigation and called on the ICO to disclose all materials relating to its decision-making process regarding the fine. The ICO appealed this in September, but had to wait for this agreement to continue its full investigation.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine," said deputy commissioner James Dipple-Johnstone. "The ICO's main concern was that UK citizen data was exposed to a serious risk of harm.

"We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people's personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case."

Speaking on behave of Facebook, its director and associate general counsel, Harry Kinmonth said the company wish it had done more to investigate claims about Cambridge Analytica in 2015.

"The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan," he said. "However, we look forward to continuing to cooperate with the ICO's wider and ongoing investigation into the use of data analytics for political purposes."

22/11/2018: Facebook appeals 500k ICO fine over 'lack of evidence' that UK users were affected

Facebook has appealed a 500,000 fine levied by the UK's data watchdog, arguing that there is "no evidence" that UK users' data was inappropriately shared with Cambridge Analytica.

Advertisement - Article continues below

Information Commissioner Elizabeth Denham revealed last month that the ICO would be issuing Facebook the maximum fine allowed under the Data Protection Act 1998 after the discovery of "serious" breaches of data regulations, including a lack of oversight over how much access developers had to user data.

The Information Commissioner's Office (ICO) found Facebook improperly processed user data by giving third-party app developers access to profiles without consent.

Cambridge Analytica, the company at the heart of an international data-sharing scandal, illicitly harvested millions of users' details without their knowledge for use in political campaigning. Independent developer Dr Aleksander Kogan, also subject to the ICO investigation, is said to have harvested 87 million profiles and shared a significant portion of these with Cambridge Analytica's parent company SLC Group.

Regulators have independently ruled the now-defunct Cambridge Analytica misused users data for microtargeting in political campaigns, including the 2016 US presidential race, and the UK's 2017 EU referendum.

Advertisement
Advertisement - Article continues below

Facebook decided to appeal this decision on the final day of the 28-day limit organisations are given, citing a lack of evidence that data belonging to UK users was shared with Dr Kogan, or Cambridge Analytica.

"The ICO's investigation stemmed from concerns that UK citizens' data may have been impacted by Cambridge Analytica," said Facebook's VP and associate general counsel for EMEA Anna Benckert.

Advertisement - Article continues below

"Yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum.

"Therefore, the core of the ICO's argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal."

Benckert then likened the investigation against Facebook to chasing people down for forwarding an email or message without having agreement from each person in the original thread. She claimed this is done by millions of people every day across the internet.

"Any organisation issued with a monetary penalty notice by the Information Commissioner has the right to appeal the decision to the First-tier Tribunal. The progression of any appeal is a matter for the tribunal," an ICO spokesperson told IT Pro.

Organisations hit with a regulatory notice, whether a fine or otherwise, have a right to appeal the decision to an independent tribunal. Firms can say whether they prefer this to be decided remotely, or in-person.

At the most recent tribunal hearing concerning data protection, the ICO was ordered to reverse a 60,000 fine issued to STS Commercial Ltd. The data regulator issued the penalty in early July for violations of the DPA 2018 after the firm allegedly allowed its lines to be used to send spam texts.

Advertisement - Article continues below

No date has been set for Facebook's tribunal hearing, however, based on previous cases, it's likely it could be at least a few months before the appeal is considered.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/security/antivirus/354328/microsoft-to-scrap-security-essentials-when-windows-7-reaches-end-of-life
antivirus

Microsoft to scrap Security Essentials when Windows 7 reaches end-of-life

13 Dec 2019