UK watchdog fines Facebook US$644,000 over Cambridge Analytica user data breach

  • Data authority said Facebook processed personal information of users unfairly by giving developers access to it without informed consent
PUBLISHED : Thursday, 25 October, 2018, 5:35pm
UPDATED : Thursday, 25 October, 2018, 6:20pm

Britain’s Information Commissioner has slapped Facebook with a fine of £500,000 pounds (US$644,000) – the maximum possible – for its behaviour in the Cambridge Analytica scandal.

The ICO’s investigation found that between 2007 to 2014, Facebook processed the personal information of users unfairly by giving app developers access to their information without informed consent.

These failings meant one developer, Aleksandr Kogan, and his company, GSR, harvested the Facebook data of up to 87 million people worldwide without their knowledge. Kogan’s app allowed Cambridge Analytica to access the data.

The ICO found that the personal information of at least 1 million UK users was among harvested data.

“Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion,” said the ICO report. “In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”

The fine, which represents a drop in the ocean for a company that brought in US$13.2 billion in global revenue in the last financial quarter, was the maximum allowed under the law at the time the breach occurred.

Had the scandal taken place after new EU data protection rules went into effect, the amount could have been £17 million (US$22 million) or 4 per cent of global turnover – whichever is the higher amount.

How Cambridge Analytica’s parent company helped ‘man of action’ Rodrigo Duterte win the 2016 Philippines election

“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation,” said Information Commissioner Elizabeth Denham. “One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.”

Social media companies have come under pressure globally following allegations that political consultancy firm Cambridge Analytica used data from tens of millions of Facebook accounts to profile voters and help US President Donald Trump’s 2016 election campaign.

“Our work is continuing.” Denham said. “There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”

Additional reporting by The Guardian