After a year of litigation, Facebook has agreed to pay a £500,000 fine to the Information Commissioner’s Office (ICO) for its part in the Cambridge Analytica scandal.
As per The Guardian, Facebook has withdrawn its appeal over the £500,000 penalty which is the highest the UK’s data regulator can impose. The Cambridge Analytica data violations occurred in 2015 prior to GDPR, and hence the cap on the fine.
A post-GDPR data privacy violation for Facebook would in principal result in a fine of up to 4% of annual turnover. For an idea of the change in potential penalties for giant corporations GDPR has brought about, Facebook’s annual revenue hit $55.8 billion in 2018.
The UK watchdog first revealed its intent to impose the fine in July 2018, issuing the official penalty in October 2018, three months later.
After Facebook’s appeal the ICO’s tribunal issued an interim decision in June 2019 saying “holding that procedural fairness and allegations of bias on the part of the ICO should be considered as part of the appeal, and that the ICO should be required to disclose materials relating to its decision-making process.”
Facebook continues to deny liability
Despite agreeing to pay the fine Facebook has denied liability over the Cambridge Analytica scandal and this denial forms part of the settlement. Facebook has also kept the documents disclosed by the ICO for its own investigation into the Cambridge Analytica breach. However, the ICO has requested Facebook halt its enquiry.
Facebook is accused of having exposed data relating to 87 million Facebook users to a researcher at Cambridge Analytica. The data and political consulting firm was created after reported discussions between Steve Bannon, who became an advisor to US president Donald Trump, and Rebekah and Robert Mercer.
What happened with Cambridge Analytica?
After its creation, Cambridge Analytica worked on the Trump election campaign. As per a Vox analysis of the Cambridge Analytica scandal, its researcher created a Facebook application that collected data from participants. The application also exploited a loophole in Facebook’s API, that integrates applications with the social media platform, that allowed it to collect the data of the quiz participant’s Facebook friends too. Facebook did prohibit the sale of this kind of data, but Cambridge Analytica is reported to have sold the data regardless.
The scandal, along with numerous others relating to big technology companies and the use of individual data, has led to scrutiny and changes in the way data is collected, protected, and shared. Facebook has had to answer many questions and make numerous changes, and this continues. GDPR is one of a number of data privacy and protection frameworks being considered or developed globally. Today, consumers expect better from the digital platforms they use.
A welcomed agreement
With the recent announcement of Facebook’s compliance with its, arguably somewhat negligible, fine, ICO deputy commissioner, James Dipple-Johnstone says:
“The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our monetary penalty notice and agreement to pay the fine. The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm.”
Dipple-Johnstone points to the political impact of the Cambridge Analytica breach and the importance of data privacy and protection adding:
“Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy. We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people’s personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case.”
Facebook’s lawyer, Harry Kinmonth, also responded saying he was pleased to have reached a settlement and that:
“As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015. We made major changes to our platform back then, significantly restricting the information which app developers could access. Protecting people’s information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information.”
Kinmonth adds that Facebook will continue to cooperate with the ICO’s wider investigation into the “use of data analytics for political purposes,” and that:
“The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr [Aleksandr] Kogan.”
Kogan being the researcher implicated in the collection of Facebook user data.
In July this year, the US Federal Trade Commission (FTC) levied a $5 billion penalty to Facebook for improperly sharing user data. If approved by the US justice department the fine will be largest ever from the US government to a technology company.