For Facebook's part in the ongoing Cambridge Analytica scandal, the UK's Information Commissioner’s Office (ICO) has today stated its intent to fine the social network £500,000, finding the company to be in breach of the country's Data Protection Act.
Specifically, Facebook is being fined for two breaches to the act, which the official ICO report lists as “failing to safeguard people’s information” and “failing to be transparent about how people’s data was harvested by others”.
The final decision regarding the fine will be made after Facebook issues a response to the notice.
A drop in the ocean
The total fine of £500,000 ($663,130) is the maximum possible amount that the ICO could have penalized Facebook. That's due to the time period in which the breaches took place. If the incidents had occurred more recently – such as after the new European General Data Protection Regulation (GDPR) had taken effect – the company could have faced fines of £17 million, or even £1.4 billion (around 4% of its global turnover).
From a broader perspective, that £500,000 amount pales in comparison to Facebook’s earning potential. Based on the earnings the company took in 2018’s first quarter ($11.97 billion), Facebook would be able to pay off the fine in just seven minutes.
The penalty and resulting fine only comprise a small portion of the ICO’s report, which initially was undertaken to investigate the misuse of data during the UK's EU referendum (AKA, Brexit).
As such, the “investigation into data analytics in political campaigns” has resulted in a number of other regulatory actions and recommendations. These include sending out 11 warning letters to political parties in the UK, “compelling them to agree to audits of their data protection practices”.
The report also initiates the prosecution of SCL Elections Ltd, which is Cambridge Analytica’s parent company, “for failing to properly deal with the ICO’s Enforcement Notice”.
The ICO's chief, Information Commissioner Elizabeth Denham, also issued a statement regarding the findings, saying that the UK is “at a crossroads” when it comes to data and privacy. “Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.”
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”