Facebook fined £500,000 by the ICO following Cambridge Analytica data scandal

UK data watchdog to impose the maximum punishment for two breaches of the Data Protection Act 1998

Facebook will be hit with the maximum fine of 500,000 by the ICO for two breaches of the Data Protection Act 1998 following the Cambridge Analytica scandal.

Information Commissioner Elizabeth Denham published an update of her office's investigation into the misuse of personal data in political campaigns and gave details of some of the organisations and individuals under investigation.

Advertisement - Article continues below

The report also detailed the enforcement actions taken by the ICO, which includes the maximum fine of 500,000 for Facebook. Denham said that fines and prosecutions punish the "bad actors", but her real goal was to effect change and restore trust and confidence in the democratic system.

"We are at a crossroads," she said. "Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."

The UK's data protection regulator began it's investigation in May 2017, looking into whether personal data had been misused by campaigns on both sides of the EU referendum.

Advertisement
Advertisement - Article continues below

Facebook and Cambridge Analytica became the focus of the investigation in February when it was discovered an app had been used to harvest the data of 50 million Facebook users, which is now estimated at 87 million by the ICO.

The use of personal data by social networks has come under heavy scrutiny ever since the GDPR came into force and Denham has called for an ethical pause to allow regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data and new technologies.

Advertisement - Article continues below

"People cannot have control over their own data if they don't know or understand how it is being used. That's why greater and genuine transparency about the use of data analytics is vital," she added.

Other regulatory actions set out in the report included warning letters sent out to 11 political parties compelling them to agree to audits of their data protection practices. The parties have been issued with a three-month ultimatum to report to the ICO on what actions they will take.

Facebook's chief privacy officer Erin Egan said the social network will respond to the ICO's fine after it has reviewed the report and stressed its regret at not looking into Cambridge Analytica three years ago.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Egan said. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

Advertisement - Article continues below

Andrew Parsons, a partner at law firm Womble Bond Dickinson, was not impressed with the ICO's action.

"It's rare for the ICO to publicly announce that they intend to fine someone before they actually levy the fine. Given the reputation damage that can be done by a fine, this does not seem a fair course of action before a final decision has been taken," he told IT Pro in a statement. 

"It tends to suggest that the ICO is not really interested in what Facebook's response might be. Hopefully this is an exceptional case and not a change of strategy as that would make interacting with the ICO quite difficult."

Image credit: Shutterstock

Advertisement
Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020