After all the madness that happened with Facebook, they now have to pay for their chaos. In July, we heard of possible hefty penalties to be levied on Facebook by the UK Information Commissioner’s Office over the Cambridge Analytica scandal. Now, after two months, the UK ICO has provided its verdict. As disclosed, the service must pay a sum of £500,000 over its failure to protect users’ privacy.
UK ICO Finalizes Facebook Fine Of £500,000
On October 25, 2018, the UK Information Commissioner’s Office has announced its final decision regarding the Facebook fine. As a consequence of the infamous Cambridge Analytica scandal, Facebook now has to pay a fine of GBP 500,000 (approx. USD 640K).
The ICO has shared its verdict on their website with the public, which clearly states the reasons behind this decision, primarily the data protection law breaches. The amount levied as the fine is the “maximum allowable” penalty under the laws prevailing at the time of occurrence of the incident.
the ICO explained:
“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.”
The ICO states the other reason was failure to have “suitable checks” on third-party apps. Because of Facebook’s non-compliance, developer Kogan succeeded in accessing 87 million records of Facebook users. In addition, Facebook also did not pay enough attention to possible mitigation efforts after the breach.
Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.
The breach affected at least 1 million UK Facebook users. Consequently, the UK ICO conducted their investigations and has finalized their decision to penalize Facebook with the maximum fine allowed legally under the Data Protection Act 1998.
Facebook Marginally Escaped GDPR Fines
Though the present fine seems large, Facebook should still feel lucky that they weren’t investigated under GDPR. Otherwise, the new Data Protection Act 2018 and EU’s GDPR would have levied vastly larger penalties on the firm. According to the Information Commissioner Elizabeth Denham,
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR.”
Under the new rules the maximum fines are up to 17 million, or 4 percent of the global turnover.
In response, a Facebook spokesperson told ZDNet,
We are currently reviewing the ICO’s decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015… Now that their investigation is complete, we are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received.
Let us know your views about this news by commenting below.