Facebook will be fined £500,000 for two breaches of the Data Protection Act during the Cambridge Analytica scandal, Britain’s data watchdog has announced today.
The Information Comissioner’s Office (ICO), said the social media giant broke the law by failing to protect users’ information and by not being transparent about how that data was harvested by others.
The ICO launched an investigation into Facebook in February when it emerged that an app had harvested 50 million Facebook users’ data without their knowledge or permission.
The number of people affected is now believed to be 87 million.
Why won’t Facebook be fined more?
Under the Data Protection Act, which was replaced by the General Data Protection Regulation (GDPR) in May, the maximum fine which could be imposed on a company is £500,000.
Because Facebook breached the former laws, the ICO could only impose a £500,000.
But under GDPR, the information watchdog has the power to fine a company up to £17 million (€20 million) or 4% of its global turnover, whichever is higher (the latter by some distance in Facebook’s case).
The ICO has notified Facebook about its intention to hand down the fine and the social media giant now has the opportunity to respond before a final decision will be made.
Investigation into political campaigns use of data
In March 2017, the ICO launched an investigation into whether political parties on both sides had misused people’s personal data during their Brexit campaigns.
It later started another investigation which includes political parties and campaign groups, data analytics companies and major social media platforms.
In a progress report, it sets out regulatory action which includes warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices.
People need to know how their personal data is used
Information Commissioner Elizabeth Denham said: ‘We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.
‘New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.
‘But this cannot be at the expense of transparency, fairness and compliance with the law.
‘Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.
‘People cannot have control over their own data if they don’t know or understand how it is being used.’
How to lock down your data
There are steps you can take to control what information you share with Facebook and the apps which use it.
You can read about how to do this in our free guide about how to lock down your personal data on Facebook.
In many cases, you also have the right to demand companies to stop using your personal data for marketing purposes.