Social media giant Facebook has agreed to pay the UK’s data regulator a £500,000 fine for its role in the Cambridge Analytica scandal.
Facebook appealed the fine last November, which led to a counter-appeal from the Information Commissioner’s Office (ICO).
The US firm argued that the ICO did not find any evidence that specifically proved UK citizens’ data was shared with Cambridge Analytica. The ICO countered that Facebook’s practice of providing third-party developers with access to personal data put UK users at risk.
“The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm,” said James Dipple-Johnstone, deputy commissioner of the ICO. “Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy.”
Facebook has not made any admission of liability as part of the agreement with ICO.
The social network told the BBC it “wished it had done more to investigate Cambridge Analytica” earlier.
In 2016 the now-defunct political consultancy harvested personal data on up to 87 million Facebook users – largely from the US – without their consent and then used that data to create highly targeted political adverts for the Trump campaign.
Facebook Cambridge Analytica fine a “clear victory for ICO”
Facebook’s Cambridge Analytica fine is the maximum enforceable under previous data protection regulations. Had the scandal taken place post-May 2018, Facebook would have faced a maximum fine of up to 4% of its global annual turnover.
Some had questioned why Facebook appealed a fine equivalent to 15 minutes of the tech giant’s profits. Legal experts previously told Verdict that the appeal was about sending a message that it won’t give regulators an easy ride and not about winning the case.
But Robert Wassall, director of Legal Services at cybersecurity firm ThinkMarble, told Verdict that the fine was a victory for the ICO.
“Hidden behind the headlines and the key to this news is that in June this year Facebook successfully argued that the ICO should be required to disclose materials relating to its decision-making process regarding the £500,000 fine it imposed,” he said. “This suggests that Facebook was hoping that this disclosure would show evidence of bias against it by the ICO.
“The fact that this settlement has been reached implies that Facebook did not find what it was looking for and thought it best to pay up. A clear victory for the ICO.”
Robert Ramsden Board, VP of EMEA at cybersecurity firm Securonix, said: “For a long time, Facebook appeared immune to privacy regulations and concerns. However, the numerous fines the platform has been facing recently for the misuse of peoples’ data marks a change in attitudes as people become more concerned about how their personal data is held and used online.
“Regulators will continue to hold Facebook responsible for protecting the privacy of its users, therefore, the ICO fine should act as a wake up call to other organisations that customer data privacy is of fundamental importance.”