Facebook faces maximum penalty for data breach in the UK

The social media giant faces a $662,000 fine for lack of transparency and failure to protect its user' data
11 July 2018

Facebook COO Sheryl Sandberg. Source: Shutterstock

A lot has been discussed about the Cambridge Analytica scandal so far but no real action had been taken against Facebook for the role it played.

True, the social media giant made negative news headlines, its CEO Mark Zuckerberg testified at a congressional hearing, and the company is said to have lost a ‘few’ users.

Up until now, no government body or committee said Facebook, as a company, was guilty – but that changed yesterday as the UK’s Information Commissioner fined Facebook GBP500,000 (US$662,000) for its role in the scandal.

And although the official wordings say that Information Commissioner Elizabeth Denham only intends to fine Facebook for two breaches of the Data Protection Act 1998, its a bold step towards actually holding the company responsible for their actions.

“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes. New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness, and compliance with the law,” said Denham.

The fine by itself, according to Reuters’ estimates, is less than 10 minutes worth of revenue for the social media firm worth US$590 billion, but is the maximum amount allowed and emphasizes how regulators are finding fault in Facebook’s business practices.

“Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system,” Denham explained.

According to the progress report issued by the Information Commissioner’s Office (ICO), Facebook contravened the law by failing to safeguard people’s information and failed to be transparent about how people’s data was harvested by others.

In a second report, the ICO highlighted why it is concerned about Facebook’s involvement in political ads and how their targeting mechanisms might influence voters.

The ICO’s investigations concluded that Facebook has not been sufficiently transparent to enable users to understand how and why they might be targeted by a political party or campaign.

The Facebook ads preference settings allow users to block individual ads, or block ads from a particular advertiser, so they are able to ask not to receive adverts from a particular political party, but they do not allow them to block political advertising based on issues.

This is an issue that political advertisers increasingly care about, as demonstrated in recent election campaigns.

Individuals can opt out of particular interests, and that is likely to reduce the number of ads they receive on political issues, but it will not completely block them.

“These concerns about transparency lie at the core of our investigation. Whilst these concerns about Facebook’s advertising model exist in relation in general terms and its use in the commercial sphere, the concerns are heightened when these tools are used for political campaigning,” concluded the report.

Facebook has a chance to respond to the Commissioner’s Notice of Intent, after which a final decision will be made – changing Denham’s intent into (official) action.