Facebook faces over $650G fine in Britain over data misuse scandal

Wednesday, 11 Jul, 2018

The amount is the maximum allowed under the Data Protection Act 1998, but is pocket change for a company valued a year ago at around $590bn (£445bn).

The UK Information Commissioner's Office on Tuesday announced a preliminary fine of 500,000 pounds ($664,000) after finding the social-media giant had failed to protect user data and wasn't transparent about how the user data was obtained by others.

Updating on her investigation into the use of data analytics by political campaigns, Britain's Information Commissioner Elizabeth Denham said she meant to fine Facebook 500,000 pounds ($663,850), a small figure for a company with a market value of $590 billion, but the maximum amount allowed.

Because of the timing of the breaches, the ICO said it was unable to impose penalties that have since been introduced by the European General Data Protection, which would cap fines at 4.0 per cent of Facebook's global turnover.

Media Committee chairman Damian Collins commented: "Given that the ICO is saying that Facebook broke the law, it is essential that we now know which other apps that ran on their platform may have scraped data in a similar way".

Information Commissioner Elizabeth Denham said: "New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters".

It is the largest possible penalty that can be handed out by Britain's information watchdog, which found the social media giant had broken the law by failing to safeguard millions of users' data.

Just 53 Australians downloaded the "this is your digital life" Facebook quiz app responsible for the Cambridge Analytica data breach.

Facebook is able to respond to the commissioner before the fine is applied.

"Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes", she said.

The ICO is also probing another pro-Brexit campaign group, Vote Leave, for sending personal data on United Kingdom citizens to a Cambridge Analytica-like (and possible Cambridge Analytica-affiliated) company called AggregateIQ, which Facebook has kicked off its platform. "But this can not be at the expense of transparency, fairness and compliance with the law".

"It shows the scale of the problem and that we are doing the right thing with our new data protection rules", she said.

"The alleged breaches surround the circumstances in which a third party, Cambridge Analytica, gained unauthorised access to users' profiles and information", the company said.

The ICO said its investigation is continuing and the next phase is expected to be concluded by the end of October.

Facebook could face a hefty compensation bill in Australia after a leading litigation funder lodged a complaint with the country's privacy regulator over users' personal data shared with a British political consultancy.

However, the Information Commissioner's report said other regulatory action would include a criminal prosecution against Cambridge Analytica's parent firm, SCL Elections, for failing to deal with the regulator's enforcement notice.