Facebook fined £500,000 by the ICO following Cambridge Analytica data scandal

UK data watchdog to impose the maximum punishment for two breaches of the Data Protection Act 1998

Facebook will be hit with the maximum fine of 500,000 by the ICO for two breaches of the Data Protection Act 1998 following the Cambridge Analytica scandal.

Information Commissioner Elizabeth Denham published an update of her office's investigation into the misuse of personal data in political campaigns and gave details of some of the organisations and individuals under investigation.

Advertisement - Article continues below

The report also detailed the enforcement actions taken by the ICO, which includes the maximum fine of 500,000 for Facebook. Denham said that fines and prosecutions punish the "bad actors", but her real goal was to effect change and restore trust and confidence in the democratic system.

"We are at a crossroads," she said. "Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."

The UK's data protection regulator began it's investigation in May 2017, looking into whether personal data had been misused by campaigns on both sides of the EU referendum.

Advertisement - Article continues below

Facebook and Cambridge Analytica became the focus of the investigation in February when it was discovered an app had been used to harvest the data of 50 million Facebook users, which is now estimated at 87 million by the ICO.

The use of personal data by social networks has come under heavy scrutiny ever since the GDPR came into force and Denham has called for an ethical pause to allow regulators, political parties, online platforms and the public to reflect on their responsibilities in the era of big data and new technologies.

Advertisement - Article continues below

"People cannot have control over their own data if they don't know or understand how it is being used. That's why greater and genuine transparency about the use of data analytics is vital," she added.

Other regulatory actions set out in the report included warning letters sent out to 11 political parties compelling them to agree to audits of their data protection practices. The parties have been issued with a three-month ultimatum to report to the ICO on what actions they will take.

Facebook's chief privacy officer Erin Egan said the social network will respond to the ICO's fine after it has reviewed the report and stressed its regret at not looking into Cambridge Analytica three years ago.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Egan said. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

Advertisement - Article continues below

Andrew Parsons, a partner at law firm Womble Bond Dickinson, was not impressed with the ICO's action.

"It's rare for the ICO to publicly announce that they intend to fine someone before they actually levy the fine. Given the reputation damage that can be done by a fine, this does not seem a fair course of action before a final decision has been taken," he told IT Pro in a statement. 

"It tends to suggest that the ICO is not really interested in what Facebook's response might be. Hopefully this is an exceptional case and not a change of strategy as that would make interacting with the ICO quite difficult."

Image credit: Shutterstock

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020