UK data watchdog to fine Facebook £500k after information 'harvested'
Britain's data watchdog intends to fine Facebook £500,000 for breaches of the Data Protection Act.
The Information Commissioner's Office (ICO) said the social media giant broke the law by failing to safeguard people's information and failing to be transparent about how people's data was harvested by others.
The ICO also announced it proposes to bring criminal action against SCL Elections, the parent company of Cambridge Analytica.
Despite the proposed fine being a record for the watchdog, campaigners said it was "unacceptable", as under new data laws the penalty could have totalled hundreds of millions of pounds.
Facebook, with Cambridge Analytica, has been the focus of the ICO's investigation since February when evidence emerged that an app had been used to harvest the data of 50 of the platform's users around the world.
The total is now estimated at 87 million, the ICO said.
In March 2017 the ICO began looking into whether personal data had been misused by campaigns on both sides of the UK's 2016 EU referendum.
It later launched an investigation that included political parties, data analytics companies and major social media platforms. The progress report yesterday gives details of some of the organisations and individuals under investigation, as well as enforcement actions so far.
This includes the ICO's intention to fine Facebook a maximum £500,000 for two breaches of the Data Protection Act 1998.
Facebook has a chance to respond to the Commissioner's Notice of Intent, after which a final decision will be made.
As well as the proposed fine, the regulator also announced a criminal prosecution of SCL Elections for allegedly failing to comply with an enforcement notice. The ICO had ordered the company to allow an academic to access the data it held.
SCL Elections was liquidated in the wake of the scandal. Other regulatory action set out in the report includes warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices.
Information Commissioner Elizabeth Denham said: "Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.
"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."
The next phase of the ICO's work is expected to be concluded by the end of October.
Damian Collins, chair of the DCMS committee said: "Given that the ICO is saying that Facebook broke the law, it is essential we know which other apps that ran on their platform may have scraped data in a similar way. This cannot by left to a secret internal investigation at Facebook.
Erin Egan, chief privacy officer at Facebook, said: "We're reviewing the report and will respond to the ICO soon."
Kyle Taylor, director of Fair Vote UK, said: "Unfortunately, because they had to follow old data protection laws, they were only able to fine them the maximum of £500,000. This is unacceptable."