Facebook is one of 30 organisations in ICO's sights

UK data regulator reveals scope of investigation into how data is used in political campaigns

Profile photograph of the Information Commissioner Elizabeth Denham

The UK's data protection watchdog has confirmed Facebook is one of 30 organisations it is investigating over the use of personal data in political campaigns.

The Information Commissioner's Office (ICO) announced the scale of its probe into the use of personal data and analytics in the UK by political campaigns, parties, social media companies and commercial powers, following news that political consulting firm Cambridge Analytica allegedly took 50 million Facebook users' profiles without their consent to help President Trump win the 2016 US election.

Advertisement - Article continues below

Information commissioner Elizabeth Denham said: "The ICO is looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica.

"We are also conducting a broader investigation into how social media platforms were used in political campaigning."

She added: "This is an important time for privacy rights. Transparency and accountability must be considered, otherwise it will be impossible to rebuild trust in the way that personal information is obtained, used and shared online."

In addition to public policy recommendations, the investigation may lead to enforcement action, with the ICO retaining the power to issue fines, conduct an audit, serve an enforcement notice for organisations to take action, or even prosecute organisations for failure to comply with previous enforcement notices.

Advertisement
Advertisement - Article continues below

Denham noted that while she welcomed changes Facebook has made to its policy around third-party access to people's data, it is too early to assess whether they sufficiently comply with the law.

Advertisement - Article continues below

Details on the terms and scope of the investigation expands on the ICO's initial announcement of the investigation in May 2017 to examine whether whether political groups were using analytics in a way that breached data protection laws.

At the Data Protection Practitioners' Conference over the weekend, Denham told delegates: "Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent. Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.

"The dramatic revelations of the last few weeks can be seen as a game changer in data protection. Suddenly, everyone is paying attention."

Meanwhile, senior figures linked with the Cambridge Analytica scandal have been summoned to appear before a House of Commons inquiry into fake news and misinformation.

Brittany Kaiser, former director of program development at Cambridge Analytica, will be interviewed by the Digital, Culture, Media and Sport Select Committee on 17 April, followed by Alexander Nix, its former CEO, on 18 April.

Advertisement - Article continues below

Meanwhile Mike Schroepfer, Facebook CTO, will appear before the House of Commons inquiry on April 26, while Mark Zuckerberg is set to appear before Congress next Wednesday.

Damian Collins MP, chair of the DCMS committee, last month called for more powers to be handed to the ICO to investigate data breaches.

Writing in the Evening Standard, he said: "The serious questions that result from the investigations of the past week require us to change our approach to the use of personal data in communications and election campaigns.

"Clearly, the information commissioner needs more powers to check that tech companies are complying with the data protection law. This should include the immediate power to go into tech firms when necessary to review their systems to make sure our data is safe. We can't just take their word for it: someone has to have the power to look behind the curtain to see what they are doing."

Advertisement - Article continues below

Parties at the centre of the scandal have in recent days been coming to terms with their own shortcomings, in a bid to address criticism moving forward.

Facebook announced last week that it is turning off the ability to search for people using phone numbers and emails because most of its more than two billion users may have been at the mercy of "malicious actors" scraping their public profiles this way.

Meanwhile Sheryl Sandberg, Facebook's COO, finally broke her silence in an interview with the Financial Times, admitting the company had underinvested in safety and security measures, but insisted operational attitudes were changing.

Picture credit: Information Commissioner's Office

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement
Advertisement

Recommended

Visit/policy-legislation/data-protection/355250/health-sites-sharing-users-medical-data-with-major-tech
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020