Facebook fined £500,000 by the ICO following Cambridge Analytica data scandal

UK data watchdog to impose the maximum punishment for two breaches of the Data Protection Act 1998

Facebook will be hit with the maximum fine of 500,000 by the ICO for two breaches of the Data Protection Act 1998 following the Cambridge Analytica scandal.

Information Commissioner Elizabeth Denham published an update of her office's investigation into the misuse of personal data in political campaigns and gave details of some of the organisations and individuals under investigation.

The report also detailed the enforcement actions taken by the ICO, which includes the maximum fine of 500,000 for Facebook. Denham said that fines and prosecutions punish the "bad actors", but her real goal was to effect change and restore trust and confidence in the democratic system.

"We are at a crossroads," she said. "Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."

The UK's data protection regulator began it's investigation in May 2017, looking into whether personal data had been misused by campaigns on both sides of the EU referendum.

Facebook and Cambridge Analytica became the focus of the investigation in February when it was discovered an app had been used to harvest the data of 50 million Facebook users, which is now estimated at 87 million by the ICO.

The use of personal data by social networks has come under heavy scrutiny ever since the GDPR came into force and Denham has called for an ethical pause to allow regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data and new technologies.

"People cannot have control over their own data if they don't know or understand how it is being used. That's why greater and genuine transparency about the use of data analytics is vital," she added.

Other regulatory actions set out in the report included warning letters sent out to 11 political parties compelling them to agree to audits of their data protection practices. The parties have been issued with a three-month ultimatum to report to the ICO on what actions they will take.

Facebook's chief privacy officer Erin Egan said the social network will respond to the ICO's fine after it has reviewed the report and stressed its regret at not looking into Cambridge Analytica three years ago.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Egan said. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

Andrew Parsons, a partner at law firm Womble Bond Dickinson, was not impressed with the ICO's action.

"It's rare for the ICO to publicly announce that they intend to fine someone before they actually levy the fine. Given the reputation damage that can be done by a fine, this does not seem a fair course of action before a final decision has been taken," he told IT Pro in a statement. 

"It tends to suggest that the ICO is not really interested in what Facebook's response might be. Hopefully this is an exceptional case and not a change of strategy as that would make interacting with the ICO quite difficult."

Image credit: Shutterstock

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021