The UK’s Information Commissioner’s Office has announced that it will fine Facebook for the Cambridge Analytica data breaches.
Facebook is facing a £500,000 fine – the maximum allowed in these cases – from the UK’s data protection watchdog, the Information Commissioner’s Office (ICO). According to the BBC, the ICO said that Facebook “had failed to ensure another company” in this case Cambridge Analytica “had deleted users’ data.”
In addition to the fine, the ICO also intents to direct criminal action at Cambridge Analytica’s parent company – SCL Elections.
Facebook isn’t the only company to face the ICO’s wrath, but it is certainly the one that will face the biggest fine. Still, the fine is quite low compared with previous ones like the 110m-Euro fine from the European Commission in 2017. It’s also quite low when one considers that the penalty refers to two breaches, and not one, of the UK Data Protection Act, and in which Cambridge Analytica misappropriated tens of millions of users’ personal data.
In a statement, the ICO explained that its “investigation concluded that Facebook contravened the law by failing to safeguard people’s information,” as well a failing “to be transparent about how people’s data was harvested by others.”
While the £500,000 fine is a tiny amount for Facebook, the ruling creates a precedent for further like it in the future – ones that may cause Facebook a few headaches. Under GDPR, companies can be fined up to €20 million or 4% of their global annual turnover, whichever is higher. That would certainly get Facebook’s attention.
Facebook has announced that it will respond “soon” to the ruling.