Facebook fined £500,000 by the ICO following Cambridge Analytica data scandal

UK data watchdog to impose the maximum punishment for two breaches of the Data Protection Act 1998

Facebook will be hit with the maximum fine of 500,000 by the ICO for two breaches of the Data Protection Act 1998 following the Cambridge Analytica scandal.

Information Commissioner Elizabeth Denham published an update of her office's investigation into the misuse of personal data in political campaigns and gave details of some of the organisations and individuals under investigation.

The report also detailed the enforcement actions taken by the ICO, which includes the maximum fine of 500,000 for Facebook. Denham said that fines and prosecutions punish the "bad actors", but her real goal was to effect change and restore trust and confidence in the democratic system.

"We are at a crossroads," she said. "Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."

The UK's data protection regulator began it's investigation in May 2017, looking into whether personal data had been misused by campaigns on both sides of the EU referendum.

Facebook and Cambridge Analytica became the focus of the investigation in February when it was discovered an app had been used to harvest the data of 50 million Facebook users, which is now estimated at 87 million by the ICO.

The use of personal data by social networks has come under heavy scrutiny ever since the GDPR came into force and Denham has called for an ethical pause to allow regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data and new technologies.

"People cannot have control over their own data if they don't know or understand how it is being used. That's why greater and genuine transparency about the use of data analytics is vital," she added.

Other regulatory actions set out in the report included warning letters sent out to 11 political parties compelling them to agree to audits of their data protection practices. The parties have been issued with a three-month ultimatum to report to the ICO on what actions they will take.

Facebook's chief privacy officer Erin Egan said the social network will respond to the ICO's fine after it has reviewed the report and stressed its regret at not looking into Cambridge Analytica three years ago.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Egan said. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

Andrew Parsons, a partner at law firm Womble Bond Dickinson, was not impressed with the ICO's action.

"It's rare for the ICO to publicly announce that they intend to fine someone before they actually levy the fine. Given the reputation damage that can be done by a fine, this does not seem a fair course of action before a final decision has been taken," he told IT Pro in a statement. 

"It tends to suggest that the ICO is not really interested in what Facebook's response might be. Hopefully this is an exceptional case and not a change of strategy as that would make interacting with the ICO quite difficult."

Image credit: Shutterstock

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021