Facebook would face a £500,000 fine from the UK over the Cambridge Analytica scandal. The ICO (Information Commissioner’s Office) announced penalty over two breaches of the UK Data Protection Act linked to the incident. The organization said in a statement, “The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information”. Fine was approx. $644,000 and Facebook makes $645,000 in less than 9 minutes of operation.
The amount means nothing to Facebook as they had revenues of more than $40 billion in 2017. But it is the maximum amount possible under the applicable legislation.
However, future violations will cause more strict punishments. Under GDPR, the EU’s new data protection legislation, companies can be fined up to €20 million or 4% of their global annual turnover, whichever is higher. GDPR was not applicable because the offenses took place before it came into effect.
What was the Cambridge Analytica data scandal?
Researcher Kogan and his company GSR used personality quiz to harvest the Facebook data of up to 87 million people. Some of this data shared with Cambridge Analytica, used to target political advertising in the US.
“Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion,” the ICO said.
The ICO found that more than one million people in the UK had their data harvested by the personality quiz. “A company of its size and expertise should have known better and it should have done better,” said Information Commissioner Elizabeth Denham. The ICO-still investigating how data analytics-used for political purposes.
Politicians called for greater transparency from Facebook considering the ICO fine. Damian Collins MP said: “Given that the ICO is saying that Facebook broke the law, it is essential that we now know which other apps that ran on their platform may have scraped data in a similar way. This cannot by left to a secret internal investigation at Facebook. If other developers broke the law we have a right to know. And the users whose data may have compromised in this way should know”.
The European Union’s new General Data Protection Regulation, commonly known as the DGPR, includes much harsher maximum fines. They fine millions of dollars and companies could lose up to 4 percent of their revenue. The 4% exists for the most serious offenses.
Check out other articles as well.