Update (25/10/18): In July, the UK’s Information Commissioner’s Office (ICO) issued Facebook with a £500,000 fine in the wake of the Cambridge Analytica scandal – the maximum fine allowed by 1998’s Data Protection Act. The decision doesn’t sit well with Facebook, however, as the social network prepares plans to contest the ruling.
“We are currently reviewing the ICO's decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” a Facebook spokesperson said in a statement to The Inquirer.
“We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users' data was in fact shared with Cambridge Analytica.”
The social network is holding its cards close to its chest, however it indicates that out of the 87 million users affected by Cambridge Analytica, none reside in the United Kingdom. This contradicts the ICO's claims that over 1 million UK users were affected. While Facebook still needs to argue its case, if the platform's point is proven to be true then the controversy would remain outside of the ICO’s jurisdiction.
Original story (11/07/18): Many regulators have stepped up in the wake of the Cambridge Analytica scandal to probe and potentially punish Facebook for allowing the data of 87 million users to fall into the wrong hands. The UK’s Information Commissioner’s Office (ICO) has now completed its review of the situation, issuing the maximum fine of £500,000.
The ICO’s investigation into Facebook’s dealings with Cambridge Analyica have been going on since March, with the regulator finding the social media network guilty of breaking British data protection laws through lack of proper safeguarding. Unfortunately, the ICO’s fine has been capped at £500,000 thanks to the Data Protection Act 1998, costing Facebook less than 30 minutes’ worth of profit.
“Facebook has failed to provide the kind of protections they are required to under the Data Protection Act,” explains the information commissioner, Elizabeth Denham. “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”
Although the breach goes against the new General Data Protection Regulation (GDPR) rules, capping fines at a whopping €20m (£17m) or 4 per cent of global turnover, Facebook managed to escape the potential £1.4bn fine due to the Cambridge Analytica scandal pre-dating the introduction of the new policies.
The ICO’s ruling is preliminary, with Facebook’s chief privacy officer Erin Egan admitting that the social media giant has been “working closely with the ICO in their investigation of Cambridge Analytica,” alongside officials over in the US. “We're reviewing the report and will respond to the ICO soon. As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015.”
The Cambridge Analytica scandal has called into question other social media sites, as the ICO continues to investigate a total of 30 companies and their part in the EU referendum. SCL Elections, the now-defunct parent company to similarly discontinued Cambridge Analytica, is facing criminal prosecution as a result of its hand in the breach.
“Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” continues Denham. “New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
KitGuru Says: Although it’s not the best punishment for a company the size of Facebook, at least the social media site is facing some kind of reprimand. What do you think of Facebook’s penalties regarding its hand in Cambridge Analytica so far?