Facebook hit with maximum fine under British law for Cambridge Analytica scandal
Britain's information regulator slapped Facebook with a small but symbolic fine for breaches of data protection law after millions of users' data were improperly accessed by consultancy Cambridge Analytica.
The 500,000-pound ($871,470 Cdn) fine is less that 10 minutes worth of revenue for the social media firm worth $590 billion, but is the maximum amount allowed and emphasizes how regulators are finding fault in Facebook's business practices.
Facebook CEO Mark Zuckerberg has faced questioning by U.S. and EU lawmakers over how Cambridge Analytica improperly got hold of the personal data of 87 million Facebook users from a researcher.
The company has promised to introduce reforms to its policies ahead of local elections in Britain next year.
Updating on her investigation into the use of data analytics by political campaigns, Britain's Information Commissioner's Office (ICO) said it would fine Facebook, though it can respond to the commissioner before a final decision is made.
Information Commissioner Elizabeth Denham said Facebook had broken the law by failing to safeguard people's information, and had not been transparent about how data was harvested by others on its platform.
"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law," she said in a statement.
Future offences could be more costly
The fine is the maximum allowed under Britain's old data protection law, although that was replaced by the European Union's General Data Protection Regulation (GDPR) in May, where companies can be fined up to four per cent of revenue for breaches.
Canadian whistleblower Christopher Wylie welcomed the verdict, in a post on social media.
Just to sum up. 1) Facebook broke the law. 2) Cambridge Analytica broke the law. 3) Vote Leave broke the law. 4) LeaveEU broke the law. 5) Brexit and Trump were both won through breaking the law. 6) Facebook let it all happen and covered it up. <a href="https://t.co/CAOrP5rKry">https://t.co/CAOrP5rKry</a>—@chrisinsilico
Facebook said it was reviewing the report and would respond soon.
"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Erin Egan, Facebook's chief privacy officer, said in a statement. "We have been working closely with the Information Commissioner's Office in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries."
British lawmakers have launched an inquiry into "fake news" and its effect on election campaigns, and have increasingly focused on Cambridge Analytica. The ICO said it was providing the interim report to help that inquiry.
The chair of the parliamentary inquiry Damian Collins said that other apps could also have collected data on users in a similar way to the Cambridge Analytica data.
"Given that the ICO is saying that Facebook broke the law, it is essential that we now know which other apps that ran on their platform may have scraped data in a similar way," he said.
Cambridge Analytica, which was hired by Donald Trump in 2016, has denied its work on the U.S. president's successful election campaign made use of data allegedly improperly harvested from around 87 million Facebook users.
It has also said that, while it pitched for work with campaign group Leave.EU ahead of the Brexit referendum in Britain in 2016, it did not end up doing any work on the campaign.
However, the information commissioner's report said other regulatory action would include a criminal prosecution against Cambridge Analytica's parent firm, SCL Elections, for failing to deal with the regulator's enforcement notice.
It also said it would send warning letters to 11 political parties to compel them to audit their data protection practices.
It said it was investigating both leave and remain campaigners in the referendum, and that it had issued an enforcement notice for AIQ, a data firm that worked for official Brexit campaign Vote Leave, to stop processing retained data from British citizens.