The UK’s data protection watchdog found the social media giant guilty of two breaches of the Data Protection Act – failing to safeguard users’ information and failing to be transparent about how people’s data was “harvested” by others.
In the first quarter of 2018, Facebook took £500,000 in revenue every five and a half minutes. Because of the timing of the breaches, the ICO said it was unable to levy the penalties introduced by the European General Data Protection (GDPR), which caps fines at the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case, $1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.
Kyle Taylor, director of campaigning group Fair Vote UK said “Under new GDPR (General Data Protection Regulation) laws, the ICO could fine Facebook £479m.
“Unfortunately, because they had to follow old data protection laws, they were only able to fine them the maximum of £500,000. This is unacceptable,” he said.
Information Commissioner Elizabeth Denham said “this is not all about fines” adding that companies were also worried about their reputation.
She said the impact of behavioural advertising, when it came to elections, was “significant” and called for a code of practice to “fix the system”.
Such a code, she argued, would ensure that “elections are fair and people understand how they are being micro-targeted”.
The action comes 16 months after the ICO began its probe into political campaigners’ use of personal data following concerns raised by whistleblower Christopher Wylie, among others.
Mr Wylie, a former employee of Cambridge Analytica – a London-based political consulting firm – told the Observer and New York Times his company had made unauthorised use of personal data harvested from millions of Facebook users.
The ICO found that Facebook had breached its own rules and failed to make sure that Cambridge Analytica had deleted this personal data.
While Cambridge Analytica insisted it had indeed wiped the data after Facebook’s erasure request in December 2015, the ICO said it had seen evidence that copies of the data had been shared with others.
“This potentially brings into question the accuracy of the deletion certificates provided to Facebook,” said an ICO spokesperson.
All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned