Facebook has been hit with a £500,000 fine by the Information Commissioner’s Office (ICO) for failing to protect the data of its users during the Cambridge Analytica scandal.
The fine is the maximum possible punishment the ICO is allowed to deliver, as it slammed Facebook for what it called “serious breaches of data protection law”.
The ICO (opens in new tab) also says that after the breaches were discovered, Facebook failed to do another to follow up and regulate bodies such as Cambridge Analytica for improperly using user data.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, Information Commissioner. “A company of its size and expertise should have known better and it should have done better.”
Facebook ICO fine
The fine follows a Notice of Intent served by the ICO back in July that it would be investigating Facebook as part of a wide-ranging probe into the use of data analytics for political purposes.
As the alleged infringement took place between 2007 and 2014, it does not fall under GDPR, which could have seen Facebook’s fine be significantly more.
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation,” Denham added. “The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.”
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”