Facebook is one of 30 organisations in ICO's sights

UK data regulator reveals scope of investigation into how data is used in political campaigns

Profile photograph of the Information Commissioner Elizabeth Denham

The UK's data protection watchdog has confirmed Facebook is one of 30 organisations it is investigating over the use of personal data in political campaigns.

The Information Commissioner's Office (ICO) announced the scale of its probe into the use of personal data and analytics in the UK by political campaigns, parties, social media companies and commercial powers, following news that political consulting firm Cambridge Analytica allegedly took 50 million Facebook users' profiles without their consent to help President Trump win the 2016 US election.

Information commissioner Elizabeth Denham said: "The ICO is looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica.

"We are also conducting a broader investigation into how social media platforms were used in political campaigning."

Advertisement - Article continues below
Advertisement - Article continues below

She added: "This is an important time for privacy rights. Transparency and accountability must be considered, otherwise it will be impossible to rebuild trust in the way that personal information is obtained, used and shared online."

In addition to public policy recommendations, the investigation may lead to enforcement action, with the ICO retaining the power to issue fines, conduct an audit, serve an enforcement notice for organisations to take action, or even prosecute organisations for failure to comply with previous enforcement notices.

Denham noted that while she welcomed changes Facebook has made to its policy around third-party access to people's data, it is too early to assess whether they sufficiently comply with the law.

Details on the terms and scope of the investigation expands on the ICO's initial announcement of the investigation in May 2017 to examine whether whether political groups were using analytics in a way that breached data protection laws.

At the Data Protection Practitioners' Conference over the weekend, Denham told delegates: "Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent. Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.

"The dramatic revelations of the last few weeks can be seen as a game changer in data protection. Suddenly, everyone is paying attention."

Advertisement - Article continues below

Meanwhile, senior figures linked with the Cambridge Analytica scandal have been summoned to appear before a House of Commons inquiry into fake news and misinformation.

Brittany Kaiser, former director of program development at Cambridge Analytica, will be interviewed by the Digital, Culture, Media and Sport Select Committee on 17 April, followed by Alexander Nix, its former CEO, on 18 April.

Meanwhile Mike Schroepfer, Facebook CTO, will appear before the House of Commons inquiry on April 26, while Mark Zuckerberg is set to appear before Congress next Wednesday.

Damian Collins MP, chair of the DCMS committee, last month called for more powers to be handed to the ICO to investigate data breaches.

Advertisement - Article continues below

Writing in the Evening Standard, he said: "The serious questions that result from the investigations of the past week require us to change our approach to the use of personal data in communications and election campaigns.

"Clearly, the information commissioner needs more powers to check that tech companies are complying with the data protection law. This should include the immediate power to go into tech firms when necessary to review their systems to make sure our data is safe. We can't just take their word for it: someone has to have the power to look behind the curtain to see what they are doing."

Advertisement - Article continues below

Parties at the centre of the scandal have in recent days been coming to terms with their own shortcomings, in a bid to address criticism moving forward.

Facebook announced last week that it is turning off the ability to search for people using phone numbers and emails because most of its more than two billion users may have been at the mercy of "malicious actors" scraping their public profiles this way.

Meanwhile Sheryl Sandberg, Facebook's COO, finally broke her silence in an interview with the Financial Times, admitting the company had underinvested in safety and security measures, but insisted operational attitudes were changing.

Picture credit: Information Commissioner's Office

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020