Facebook agrees to pay £500,000 for failing to protect users’ privacy in Cambridge Analytica scandal

Facebook has agreed to pay a fine of £500,000 following an investigation into the misuse of personal data in political campaigns.

The Information Commissioner’s Office (ICO) announced on Wednesday that the tech giant had withdrawn its appeal against the ‘monetary penalty notice’ and would accept the fine without admitting any liability.

In 2017 the ICO opened a wide-ranging investigation into the use of data analytics for political purposes and issued the penalty to the tech giant in October 2018.

The investigation found that between 2007 and 2014 Facebook processed user data by letting third-party app developers access personal information without the user’s informed consent.

The most high-profile aspect of this was political consulting firm Cambridge Analytica after it was found to have harvested data, which resulted in multiple investigations and fines.

Cambridge Analytica, which closed in 2018, is said to have worked with Donald Trump on his US presidential campaign run by whistleblower Christopher Wylie.

In the UK, the firm was accused of using the data to target potential leave voters in the 2016 Brexit referendum.

Facebook’s settings at the time allowed app developers to access the personal data of not just the people who used their app, but of all of their friends as well.

Facebook has agreed to pay a fine of £500,000 following an Information Commissioner´s Office investigation into the misuse of personal data in political campaigns

The ICO also said in its 2018 complaint that the social media company did not take action quickly enough after the misuse of data was discovered in 2015.

The breach was thought to affect 87 million worldwide users with at least one million people based in the UK. The ICO later found no evidence that any UK user’s data was shared with Cambridge Analytica.

Following the ICO’s findings and issue of the penalty in October 2018, Facebook launched an appeal the following month.

In June 2019, an interim decision was made by the appeal court where the ICO was asked to disclose files about its decision-making process in order to examine potential bias against Facebook.

The ICO appealed against this decision in September before both parties came to the agreement announced on Wednesday.

Both appeals will now be withdrawn and Facebook and the ICO will pay their own legal costs. The fine will be paid to the Treasury.

ICO deputy commissioner James Dipple-Johnstone said: ‘The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm.

Cambridge Analytica founder Alexander Nix told the Parliament’s Digital, Culture, Media and Sport Committee in 2018 that his company had not received data from Facebook

‘Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy.

‘We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection.’

Facebook director and associate general counsel Harry Kinmonth said: ‘We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015.

‘We made major changes to our platform back then, significantly restricting the information which app developers could access.

‘Protecting people’s information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information.’

The ICO’s wider investigation into the use of data analytics for political campaigning is ongoing.

Facebook is now able to continue with its own internal investigations into the Cambridge Analytica scandal on the direction of the ICO.