ICO Fine Facebook Half A Million Pounds

Uploaded on 2018-07-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Social Media

Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal, the information commissioner has announced.

The fine is for two breaches of the Data Protection Act. The Information Commissioner’s Office (ICO) concluded that Facebook failed to safeguard its users’ information and that it failed to be transparent about how that data was harvested by others.

“Facebook has failed to provide the kind of protections they are required to under the Data Protection Act,” said Elizabeth Denham, the information commissioner. “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

The sum is barely even a slap on the wrist for Facebook, which had revenues of more than $40 billion in 2017, but is the maximum possible under the applicable legislation.

Future violations will be able to be punished much more strictly, however: Under GDPR, the EU's new data protection legislation, companies can be fined up to €20 million or 4% of their global annual turnover, whichever is higher. (GDPR was not applicable because the offenses took place before it came into effect.)

In the first quarter of 2018, Facebook took £500,000 in revenue every five and a half minutes. Because of the timing of the breaches, the ICO said it was unable to levy the penalties introduced by the European General Data Protection (GDPR), which caps fines at the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case, $1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.

Recently, Denham said: “This was a very serious contravention, so in the new regime they would face a much higher fine.”
Asked on BBC Radio 4’s Today programme if the fine now would amount to hundreds of millions of pounds, she said it “could”. Denham added: “This is not all about fines though … any company is worried about its reputation, because people want to feel that their data is safe. 

“In 2014 and 2015, the Facebook platform allowed an app … that ended up harvesting 87m profiles of users around the world that was then used by Cambridge Analytica in the 2016 presidential campaign and in the referendum.”

Facebook’s chief privacy Officer, Erin Egan, said of the intent to fine: “As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015. We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.” 

The inquiry, described by Denham as “the most important investigation that the ICO has ever undertaken”, has also resulted in warning letters being sent to 11 political parties, every UK party with an MP in the House of Commons as of March 2017, when the investigation began, and notices compelling them to agree to data protection audits.

It has led to a criminal prosecution of SCL Elections, Cambridge Analytica’s parent company, for failing to properly deal with the ICO’s enforcement notice, and an enforcement notice against the same for not replying to a subject access request from an American whose data it held. SCL Elections declared bankruptcy in May, two months after the Observer reported that 50m Facebook profiles had been obtained. Denham said the ICO was examining whether the company’s directors could be still be pursued now that SCL Elections had been placed into administration.

The investigation also found that Aggregate IQ, a Canadian electoral services company, had “significant links” to Cambridge Analytica, Denham said, and “may still retain” data about UK voters; the ICO has filed an enforcement notice against the company to stop processing that data.

How the story unfolded
In December 2016, while researching the US presidential election, Carole Cadwalladr came across data analytics company Cambridge Analytica, whose secretive manner and chequered track record belied its bland, academic-sounding name. Her initial investigations uncovered the role of US billionaire Robert Mercer in the US election campaign: his strategic “war” on mainstream media and his political campaign funding, some apparently linked to Brexit. 

She found the first indications that Cambridge Analytica might have used data processing methods that breached the Data Protection Act. That article prompted Britain’s Electoral Commission and the Information Commissioner’s Office to launch investigations whose remits include Cambridge Analytica’s use of data and its possible links to the EU referendum. These investigations are continuing, as is a wider ICO inquiry into the use of data in politics.

Cambridge Analytica is now the subject of special prosecutor Robert Mueller’s probing of the company’s role in Donald Trump’s presidential election campaign. Investigations in the UK remain live.

Guardian:       Business Insider

You Might Also Read: 

The Cambridge Analytica Scandal 'highlights need for AI regulation':

Facebook’s Head Of Policy Quits Amid Data Misuse Controversey:

Backlash: Facebook's Data-Sharing With Chinese Firms:

 

« California Passes Its Own GDPR Law
EU Creates A Unified Cyber-Force »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

Silk Security

Silk Security

Silk is the first platform that enables enterprises to take a strategic, sustainable approach to resolving code, infrastructure and application risk.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Irys Technologies

Irys Technologies

Irys Technologies specialize in pioneering digital transformation solutions designed to streamline communications and enhance maintenance and operational efficiency for a variety of sectors.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.