British regulator to fine Facebook over data protection breaches

Wednesday, 11 Jul, 2018

More than 50 million Facebook users - including one million people in the United Kingdom - had data harvested by Cambridge Analytica without their consent.

But it would represent the first tangible punishment for the company's privacy scandal, which tarnished its reputation, temporarily pushed down its shares and forced CEO Mark Zuckerberg to testify before Congress, but otherwise had few lasting repercussions. The General Data Protection Regulation, more commonly called the GDPR, allowed for a maximum fine of 20 million euros or 4 percent of a company's annual global revenue from the year before, whichever is higher.

The London-based firm worked for Donald Trump's campaign team in the 2016 U.S. presidential election and used the data to build a software program to predict and try to influence votes.

Erin Egan, Facebook's chief privacy officer, acknowledged in a statement Tuesday that Facebook "should have done more to investigate claims about Cambridge Analytica and take action in 2015".

Facebook will get a chance to respond to the proposed penalties before the ICO releases a final decision.

IMF Bentham said it had partnered with law firm Johnson Winter & Slattery to lodge the complaint with the Office of the Australian Information Commissioner.

The ICO is also launching a criminal prosecution against SCL Elections, an organisation affiliated with Cambridge Analytica, and has sent warning letters to 11 political parties and "notices compelling them to agree to audits of their data protection policies".

"This can not by left to a secret internal investigation at Facebook". The company has said it plans to do so "soon".

The U.K.'s probe adopted a wide lens, focusing not only on Facebook but the ecosystem of players - totaling 172 organizations and 285 individuals - involved in the collection and sale of data about web users for political purposes. The agency said Tuesday that the social media giant "contravened the law by failing to safeguard people's information".

Since its entanglement with Cambridge Analytica became public, Facebook has pledged to review all third-party apps on the platform while introducing new transparency measures, including an online repository of all political ads that run on the site. "It also found that the company failed to be transparent about how people's data was harvested by others".

"Facebook should now make the results of their internal investigations known to the ICO, our committee and other relevant investigatory authorities".