Facebook fined £500,000 for Cambridge Analytica scandal
Facebook has been hit with a £500,000 fine by the UK’s Information Commissioner’s Office (ICO) for “serious” breaches of data protection laws thanks to Cambridge Analytica. The fine slams Facebook for improperly sharing user data with the data analytics firm, which resulted in a huge furore earlier this year.
The fine is the maximum penalty allowable under the Data Protection Act 1998 as these offences took place before GDPR came into effect.
The fine comes after an investigation into the company’s data sharing policies, which allowed some 87 million users to have their data harvested by a third party.
During the investigation, the ICO found that between 2007 and 2014, Facebook processed user data unfairly by allowing app developers to access it without sufficient consent. This even allowed access to the data of users who hadn’t downloaded specific apps – in this case, Cambridge Analytica’s – as it could be shared via friends with those who had.
The ICO investigation also targeted Cambridge Analytica’s London offices, raiding them in March to take an undisclosed volume of evidence.
The ICO also believes that Facebook did not do enough to hold these developers to account.
In many ways, Facebook has got off lightly with this fine. A £500,000 fine is but a drop in the ocean for Facebook’s coffers, and it could have been a lot worse if this had taken place under GDPR.
Under the EU’s new data protection laws, Facebook could have faced a maximum penalty of either £17.6 million or 4% of its global turnover – whichever is higher. Going by Facebook’s $27.64 billion 2017 earnings, this would mean Facebook would have faced a whopping £849 million bill.
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation,” said Information Commissioner Elizabeth Denham. “The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”