Citing non-transparency and failure to safeguard private user data, British regulators are slapping a £500,000 fine on Facebook, which stands accused of two breaches of the UK’s Data Protection Act in relation to the Cambridge Analytical scandal.
It’s a drop in the bucket in terms of money lost for Facebook, but it’s symbolic nature is nonetheless significant: It’s the first big fine related to this scandal.
Regulators from the UK Information Commissioner’s Office (ICO) said the fine, which comes in at about $660,000, is just a small part of a much wider investigation into data abuse.
“Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” ICO head Elizabeth Denham said in a statement.
The ICO is also seeking criminal prosecution for SCL, the parent company of the now-defunct political data analytics firm Cambridge Analytica.
An investigation into Facebook’s activities and its connection with Cambridge Analytica was opened in February, leading to the revelation that the social media giant allowed an app to harvest 87 million user profiles around the world. That data was then used by Cambridge Analytica in the 2016 US presidential campaign and the UK Brexit referendum.
The ICO said it will also be sending warning letters and audit notices to 11 political parties.
Denham described the inquiry as “the most important investigation that the ICO has ever undertaken”, and it’s bent on pursuing the directors of SCL, which declared bankruptcy in May.
Facebook may have kicked Cambridge Analytica off its platform, but it was too little, too late. The damage had already been done, and from the ICO’s perspective, Facebook could have and should have done more to stop the industrial-scale data-harvesting.
As for Facebook, chief privacy officer Erin Egan stated only that “We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.” Related: 10 Countries Feeling The Heat As The Trade War Escalates
And if you think the $660,000 fine is nothing—you’re right. Facebook was taking in that much every five and a half minutes in the first quarter of this year, according to the Guardian.
But that’s all the ICO was capable of, having been limited by a cap set by the 1998 Data Protection Act.
If data-harvesting on a similar scale happens in the future, though, the fine could be much bigger. New rules have recently been added to the European General Data Protection (GDPR). That means new penalties, as well. Next time around, the cap would be either £17 million (about $22 million) or 4 percent of global turnover, whichever is higher. That would hurt in Facebook’s case because it would mean a fine of nearly $2 billion.
The ICO isn’t kidding around. To Denham, this isn’t just about punishing Facebook—it’s about restoring faith in democracy.
Fines and prosecutions, Denham said, may “punish the bad actors”, but the true goal here is to “effect change and restore trust and confidence in our democratic system.”
“Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” she said.
It’s not likely to stop with the UK, either. Australian media report that 311,000 Australian users who had their data potentially affected by the Facebook scandal may end up seeking class action compensation for privacy breaches that could total between $300 million and $3 billion.
By Damir Kaletovic for Safehaven.com
More Top Reads From Safehaven.com:
