Facebook hit with huge fine for failing to protect its users' privacy
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Facebook has been hit with a huge fine for failing to protect its users' privacy.
The UK Information Commissioner's Office will force the company to pay £500,000 for allowing people to take its users personal data in the Cambridge Analytica scandal.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data," said Elizabeth Denham, information commissioner. "A company of its size and expertise should have known better and it should have done better.”
The fine is the maximum possible punishment that the ICO can issue, because the Cambridge Analytica breach happened before the new GDPR rules came into effect in May. It was served under the Data Protection Act 1998.
If the breach were to happen now, the ICO would be able to offer far more significant punishment. GDPR allows for a range of tools, including fines of up to £17 million or 4 per cent of global turnover.
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation," said Ms Denham. "The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.
The Information Commissioner Office found that between 2007 and 2014, Facebook processed the personal information of users unfairly by giving app developers access to their information without informed consent. The failings meant the data of some 87 million people was used without their knowledge.
The ICO said a subset of the data was later shared with other organisations, including SCL Group, the parent company of political consultancy Cambridge Analytica. News that the consultancy had used data from tens of millions of Facebook accounts to profile voters and help U.S. President Donald Trump's 2016 election campaign ignited a global scandal on data rights.
"We are currently reviewing the ICO's decision," Facebook said in a statement. "While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015. We are grateful that the ICO has acknowledged our full cooperation throughout their investigation."
Facebook also took solace in the fact that the ICO did not definitively assert that UK users had their data shared for campaigning. But the commissioner noted in her statement that "even if Facebook's assertion is correct," US residents would have used the site while visiting the UK.
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments