News, Culture & Society

Facebook agrees to pay £500,000 for failing to protect users’ privacy in Cambridge Analytica scandal

Facebook finally agrees to pay £500,000 fine in UK for failing to protect the privacy of its users in the Cambridge Analytica scandal after a year of wrangling

  • Facebook exposed users’ personal info to app developers without their consent 
  • Cambridge Analytica was accused of using this data to target voters in Britain 
  • Facebook has agreed to accept the fine without admitting any liability

Facebook has agreed to pay a fine of £500,000 following an investigation into the misuse of personal data in political campaigns.

The Information Commissioner’s Office (ICO) announced on Wednesday that the tech giant had withdrawn its appeal against the ‘monetary penalty notice’ and would accept the fine without admitting any liability.

In 2017 the ICO opened a wide-ranging investigation into the use of data analytics for political purposes and issued the penalty to the tech giant in October 2018.

The investigation found that between 2007 and 2014 Facebook processed user data by letting third-party app developers access personal information without the user’s informed consent.

Facebook has been fined the maximum amount possible by the Information Commissioner (pictured, CEO Mark Zuckerberg at the F8 summit in California)

The most high-profile aspect of this was political consulting firm Cambridge Analytica after it was found to have harvested data, which resulted in multiple investigations and fines.

Cambridge Analytica, which closed in 2018, is said to have worked with Donald Trump on his US presidential campaign run by whistleblower Christopher Wylie.

In the UK, the firm was accused of using the data to target potential leave voters in the 2016 Brexit referendum.

Facebook’s settings at the time allowed app developers to access the personal data of not just the people who used their app, but of all of their friends as well.

Facebook has agreed to pay a fine of £500,000 following an Information Commissioner´s Office investigation into the misuse of personal data in political campaigns

Facebook has agreed to pay a fine of £500,000 following an Information Commissioner´s Office investigation into the misuse of personal data in political campaigns

How can Information Commissioner fine firms for breaches? 

Because Facebook shared data before 2018, it was fined just £500,000 – as opposed the millions it could have been landed with today. 

The Information Commissioner has the power to fine firms who have infringed data regulations. 

The regulator may issue fines based on the nature, gravity and duration of the infringement.

The type of data involved will be considered alongside factors such as how the breach came to light. 

Facebook was fined the maximum possible for the time the breach occurred. 

But had it occurred today, the firm could have been fined more than £17million as the General Data Protection Regulation was implemented in May this year  

The ICO also said in its 2018 complaint that the social media company did not take action quickly enough after the misuse of data was discovered in 2015.

The breach was thought to affect 87 million worldwide users with at least one million people based in the UK. The ICO later found no evidence that any UK user’s data was shared with Cambridge Analytica.

Following the ICO’s findings and issue of the penalty in October 2018, Facebook launched an appeal the following month.

In June 2019, an interim decision was made by the appeal court where the ICO was asked to disclose files about its decision-making process in order to examine potential bias against Facebook.

The ICO appealed against this decision in September before both parties came to the agreement announced on Wednesday.

Both appeals will now be withdrawn and Facebook and the ICO will pay their own legal costs. The fine will be paid to the Treasury.

ICO deputy commissioner James Dipple-Johnstone said: ‘The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm.

Cambridge Analytica founder Alexander Nix told the Parliament’s Digital, Culture, Media and Sport Committee in 2018 that his company had not received data from Facebook

Cambridge Analytica founder Alexander Nix told the Parliament’s Digital, Culture, Media and Sport Committee in 2018 that his company had not received data from Facebook

‘Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy.

‘We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection.’

Facebook director and associate general counsel Harry Kinmonth said: ‘We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015.

‘We made major changes to our platform back then, significantly restricting the information which app developers could access.

‘Protecting people’s information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information.’

The ICO’s wider investigation into the use of data analytics for political campaigning is ongoing.

Facebook is now able to continue with its own internal investigations into the Cambridge Analytica scandal on the direction of the ICO.

What is the Cambridge Analytica scandal?

Consultancy firm Cambridge Analytica had offices in London, New York, Washington, as well as Brazil and Malaysia.

The company boasted it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists. 

In 2013, Cambridge professor Aleksandr Kogan used his app, This Is Your Digital Life, to ask 270,000 Facebook users questions about their personalities.

By answering them, the users granted Kogan access to not only their profiles but to those of their friends.

He subsequently sold that information to Cambridge Analytica for $51million.

Facebook changed its rules in 2014 to limit what data such apps could access.

A year later, the company learned that Kogan had sold his findings and contacted both him and Cambridge Analytica to tell them to delete the data which they promised to do.

In March, Facebook made its announcement that it had suspended Cambridge Analytica after being warned of looming media reports that claimed not all of the information had been destroyed.

Those reports, which were informed by the accounts of whistleblowers who worked at the firm, also revealed the true scale of the breach.  

It was initially estimated that the firm was able to mine the information of 55 million Facebook users even though just 270,000 people gave them permission to do so.

But Facebook later since revealed the number was actually as high as 87 million. 

The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.

The same information is said to have been used to help the Brexit campaign in the UK.  

Read more at DailyMail.co.uk



Find local lawyers and law firms at USAttorneys.com