Cambridge Analytica models were exaggerated and ineffective, ICO claims

The regulator has confirmed it will end its ongoing investigation into misuse of data in political campaigning

The UK’s data regulator has ended its investigation into the infamous Cambridge Analytica scandal, declaring that the models and techniques used by the now-defunct data processing company were exaggerated and likely inaccurate.

Writing to the chair of parliament’s digital, culture, media and sport committee Julian Knight, the Information Commissioner Elizabeth Denham has also reiterated that its ongoing investigation into data abuse rendered no further evidence to warrant any further action.

This investigation, spearheaded by the Information Commissioner’s Office (ICO), included an analysis of materials obtained from Cambridge Analytica, and seized under warrant. This process, however, led Denham to the conclusion there is very little to change the regulator’s initial understanding of what happened.

The scandal erupted in the form of a data leak first reported in December 2015, and quickly gained traction as the implications became much clearer. Cambridge Analytica had been found to gather data from Facebook users in the form of an online quiz, as well as their friends and contacts. 

By harvesting and processing this data, it was reported the company was able to market a tool to political campaigns that would microtarget voters based on granular demographic information with specific messaging.

In reality, however, the ICO argues the powers of Cambridge Analytica in this department were overhyped and ineffective against the purpose. 

The company’s claim that it had “over 5,000 data points per individual on 230 million adult Americans”, for example, may have been exaggerated. The data analysis techniques used were also in the main commonly available and routinely used by other entities. 

Within the company, there was also a level of scepticism as to whether the technology actually worked, according to internal communications, with concern about the external company messaging set against the reality of results.

The ICO opened an investigation into the implications of the data leak, as well as the wider use and abuse of data in political campaigning not long after the story first broke. Facebook was fined £500,000 as a result of the investigation, while the Brexit campaigns Vote Leave and Leave.EU were each fined £40,000 and £15,000 respectively for violaitions. 

“Since my last appearance before the Committee in April 2019 my office has continued its investigative work, completing the remaining lines of enquiry as far as the evidence took us,” Denham wrote in the letter. 

“This included analysis of materials obtained during the investigation and those seized under warrant. This has, overall, confirmed and reinforced the findings of my previous reports. I have therefore concluded that there is little in the vast volumes of evidence we have now worked through that has changed our initial understanding or identified new lines of enquiry that suggest they could drive new insight.”

The ICO, therefore, has concluded there is no further reason to take any additional action around the use of data in political campaigning. This is despite Denham confirming she has been compelled to make “significant recommendations” to a number of organisations, including political parties and data brokers, in order for them to make changes to comply with data protection legislation. 

This suggests there has been some non-compliance with legislation such as the Data Protection Act 2018, although Denham added “identified no significant breaches of the privacy and electronic marketing regulations and data protection legislation that met the threshold for formal regulatory action.”

This is made in specific reference to the wider investigation on both the remain and leave side of the UK’s Brexit referendum. “Where the organisation continued in operation,” she continued, “I have provided advice and guidance to support better future compliance with the rules.”

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020