Facebook Inc was slapped with a symbolic 500,000-pound ($645,000) fine by the UK’s privacy regulator for “serious” violations of data protection rules that paved the way for the Cambridge Analytica scandal.
The fine is the highest possible for the Information Commissioner’s Office under old rules that predated this year’s European Union revamp of privacy penalties. The ICO said that between 2007 and 2014, “Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent.”
The revelations that data belonging to millions of Facebook users and their friends may have been misused triggered a global backlash from investors and regulators. The ICO has led the European investigations into how such an amount of data - most belonging to US and UK residents - could have ended up in the hands of Cambridge Analytica, a consulting firm that worked on Donald Trump’s US presidential campaign.
“Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform,” the ICO said Thursday. “These failings meant one developer, Dr Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge.”
Kogan is the researcher who collected users’ information and subsequently sold it to Cambridge Analytica.
The UK’s privacy commissioner, Elizabeth Denham, who attended a privacy conference in Brussels on Thursday, said in the statement that “a company of its size and expertise should have known better and it should have done better,” referring to the social network giant.
“While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” Facebook said in an emailed response to the ICO decision.
“We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica,” the company said.
The fine comes on the same day that the company drew praise from some of Europe’s top privacy officials, including EU Justice Commissioner Vera Jourova, for its pledge of support for greater protection of personal data. She said the Cambridge Analytica affair sent shock waves through the EU’s democratic system ahead of elections in the 28-nation EU.
Facebook Chief Executive Officer Mark Zuckerberg, and Apple Inc CEO Tim Cook both told a Brussels event on Wednesday, 24 October, that the US should follow the EU’s lead on privacy.
“People need to have confidence that their personal data is safe,” UK Prime Minister Theresa May’s spokesman, James Slack, told reporters in London on Thursday. The penalty “was the biggest fine allowed under the previous data protection regulations, which were passed in 1998.” Under the new EU law, fines are possible up 4 percent of global revenue.
(This story was first published on Bloomberg Quint).