Facebook faces the first financial penalty levelled against it since the massive Cambridge Analytica data scandal.
The UK’s Information Commissioner’s Office (ICO) has slammed Facebook with a £500,000 fine and has accused the social network of not protecting user data.
It also accused Facebook of not being transparent about how it shared information with third parties.
‘Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system’
– ELIZABETH DENHAM
The ICO launched an investigation into the data collection and management practices of the various political parties, data analytics companies and social media platforms in the aftermath of the Cambridge Analytica affair.
The Cambridge Analytica data scandal erupted in March when it emerged that the political consultancy of the same name, with US Conservative backers, collaborated with a University of Cambridge psychology professor Dr Aleksandr Kogan to gather data on Facebook users. They did so via an app called This is Your Digital Life whereby users consented to give up their personal details as well as connections to their friends list.
The app was downloaded about 270,000 times but it is understood that at least 87m people had their data harvested from Facebook because This Is Your Digital Life was able to take advantage of privacy weaknesses in Facebook’s app ecosystem.
The suspicion is that the gathering of the data enabled Cambridge Analytica to target advertising in the UK and the US that may have contributed to the victory of the Leave vote in the UK’s EU referendum as well as the shock US presidential election victory of Donald Trump.
Restoring faith in democracy
The investigation has resulted in the decision by the ICO to fine Facebook a maximum of £500,000 for two breaches of the Data Protection Act 1998.
“The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information,” the ICO said. “It also found that the company failed to be transparent about how people’s data was harvested by others.”
Facebook will have a chance to respond to the ICO’s notice of intent, after which a final decision will be made.
Following its investigation, the ICO has sent a warning letter to 11 political parties with notices compelling them to agree to audits of their data protection practices.
The ICO has also issued an enforcement notice to Cambridge Analytica’s parent company, SCL Elections, to properly deal with a subject access request from Prof David Carroll. It is also taking a criminal prosecution against SCL Elections for failing to deal with its enforcement notices.
Furthermore, the ICO is taking regulatory action against data broker Emma’s Diary/Lifecycle Marketing (Mother and Baby) Ltd.
It has said that it plans to carry out audits of the main credit reference companies and Cambridge University’s Psychometrics Centre.
“We are at a crossroads,” said UK information commissioner Elizabeth Denham. “Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.
“New technologies that use data analytics to microtarget people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.
“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system,” Denham said.