The UK’s Information Commissioner’s Office (ICO) today fined Facebook £500,000 for serious breaches of data protection law, the maximum amount it is authorised to issue.
The fine by the country’s independent data watchdog related to the American social media giant’s role in the Cambridge Analytica data scandal, which hit the headlines earlier this year.
The ICO said between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply “friends” with people who had.
The fine has been served under the UK’s Data Protection Act, which provides a range of enforcement tools, including maximum fines of 17 million pounds or 4 per cent of global turnover.
The ICO concluded that Facebook failed to keep the personal information secure in absence of suitable checks on apps and developers using its platform. These failings meant one developer, Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge.
A subset of this data was later shared with other organisations, including SCL Group, the parent company of Cambridge Analytica who were involved in political campaigning in the US. Even after the misuse of the data was discovered in 2015, Facebook did not do enough to ensure remedial action.
SCL Group, a British behavioural research and strategic communication company, had announced its closure in May in the wake of the scandal. Its activities were spread worldwide, including India, where it reportedly did data analysis during election campaigns. The ICO is still investigating how data analytics is used for political purposes. — AP
