Facebook set for £500,000 fine from UK regulators over Cambridge Analytica

Facebook thumbs downFacebook is facing a fine of £500,000 from the UK’s data protection watchdog for its failures regarding people’s information during the Cambridge Analytica incident.

Facebook’s failure to protect personal data and its lack of transparency about how this data was harvested by third parties has led to the Information Commissioner’s Office’s (ICO) statement of intent to issue the social media company was the maximum fine under the Data Protection Act 1998.

The ICO was forced to only seek a £500,000 fine from Facebook as a result of both the incident happening and the investigation being launched before the implementation of the General Data Protection Regulation (GDPR). Had the ICO been able to fine the social network under GDPR, the fine could have run up to nearly £500m.

Nonetheless, Facebook has a chance to respond to the ICO’s Notice of Intent, following which a final decision will be made on the fine.

In addition to Facebook’s slap on the wrist, the ICO will seek criminal prosecution for Cambridge Analytica’s defunct parent company, SCL Elections. Any criminal proceedings would relate to the company’s failure to respond in sufficient manner to a request from Professor David Carroll, a US academic, for a copy of any personal information the firm owned.

Due to the company no longer existing, it’s likely the ICO will pursue criminal proceedings against the company’s former directors.

On top of this, the ICO has served an Enforcement Notice to Aggregate IQ – which worked with the Vote Leave campaign during the EU referendum period – requesting that it stops processing data belonging to US citizens. And a Notice of Intent regarding regulatory action has been served to a data broker called Emma’s Diary, which offers medical advice to pregnant women and had been used by the Labour Party.

Meanwhile, the ICO has also sent out warning letters to 11 political parties, along with notices urging them to agree to audits for their data protection practices, and has begun audits of the main credit reference companies and Cambridge University Psychometric Centre.