Facebook has received a £500,000 fine from the UK’s data protection watchdog for failing to protect users’ info or tell them how their data will be harvested.
The promised penalty relates to the social media giant's role in the Cambridge Analytica data harvesting scandal, which saw the personal information of some 87 million users sucked up and shared by an app developer.
The Information Commissioner’s Office has ruled that the biz had twice broken data protection laws – by failing to safeguard people’s information, and by failing to be properly transparent about how that info can be used.
As such it has served Facebook with a notice of intent, and if doled out as expected, it will be the biggest fine issued by the ICO – £500,000 is the maximum allowed under the Data Protection Act 1998, which was in force when the breach occurred.
However, it remains a mere drop in the ocean for the Zuckerborg, which reported (PDF) net income of $5bn in its last quarter. It's also about half of what the Spanish data protection authorities last year doled out to the firm for privacy failings.
It's not over yet
The Facebook probe is part of a wider investigation into the use of data in political campaigns, which the ICO launched last year, the interim results of which are out today.
The report sets out regulatory action taken against a number of the star players in this year’s data scandal, including a criminal prosecution against Cambridge Analytica’s parent biz SCL Elections Ltd – which has since folded, in name at least – for failing to properly deal with the ICO’s enforcement notice.
The ICO is also planning audits of the main credit reference companies and Cambridge University Psychometric Centre, and ordered Canadian data slurpers Aggregate IQ to stop processing data retained on UK citizens.
Meanwhile, the ICO has sent warning letters to 11 political parties, compelling them to agree to audits of their data protection practices. Back in December last year, the ICO revealed that right-wing party UKIP was being less than cooperative in this regard.
Among the main areas of concern are that parties buy up marketing lists and lifestyle information from data brokers without proper due diligence and fail to check consents when using third party data analytics companies.
In a statement issued in advance, information commissioner Elizabeth Denham warned that voters’ faith in the political system was being eroded.
“Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” she said.
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
An unethical pause
The ICO will also make a set of recommendations to the government, including a statutory code of practice for the use of personal data in political campaigns.
Universities have also been warned to keep a closer eye on the risks of academics working with personal data in research and their own companies, or third parties.
Finally, in a hugely optimistic bid, Denham has called for an “ethical pause” to allow lawmakers, regulators, political parties, online platforms and the public “to reflect on their responsibilities in the era of big data before there is a greater expansion in the use of new technologies”.
The ICO’s probe into whether political parties had used data to manipulate the populace in the Brexit referendum was launched in March 2017, and later extended to cover data analytics firms, data brokers and social media platforms.
The full investigation is due to complete in October this year, and the reports on the interim findings, as well as an analysis on trends in data use in political campaigns from think tank Demos, are due to be published at 0600 on Wednesday morning. ®