After all the noise and headache, Facebook is finally (about to be) fined – in the U.K at least, where the company has to pay £500,000 ($664,000). The decision comes after the UK’s Information Commissioner’s Office (ICO) concluded the social network has broken the law.
Facebook Gets Its First Fine Following Cambridge Analytica
This is Facebook’s first actual fine after the Cambridge Analytica broke. As for the amount of the fine – £500,000 is the maximum sum allowed by the U.K.’s Data Protection Act 1998. As a comparison, the fine equals Facebook’s earning every 8 minutes.
The U.K.’s ICO launched an investigation in March this year said that Facebook failed to protect users’ data and as a result it fell into the hands of Cambridge Analytica.
Several months ago, a whistleblower revealed that Cambridge Analytica used personal information taken without any authorization in the beginning of 2014. This information was used to profile individual US voters and target them with personalized political ads.
The whistleblower, Christopher Wylie, partnered with a Cambridge University academic to gather the data. This is what he said in a conversation with the Observer:
We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.
What is worse is that Facebook found out about the information exploit… and did nothing to alert its users. The company “took limited steps to recover and secure the private information of more than 50 million individuals”.
As for the ICO’s decision to fine Facebook, Britain’s privacy watchdog also concluded that the social network failed to be transparent about the methods of handling users’ personal information and how it was harvested by third parties. This directly violated the country’s Data Protection Act, as explained in a detailed ICO report:
A significant finding of the ICO investigation is the conclusion that Facebook has not been sufficiently transparent to enable users to understand how and why they might be targeted by a political party or campaign.
Nonetheless, it is still possible for Facebook to respond to the ICO’s Notice of Intent before the final decision on the fine is outlined.
In return, Facebook said they would respond to the ICO report in the near future:
We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries […] We’re reviewing the report and will respond to the ICO soon,” Facebook’s chief privacy officer, Erin Egan, said in a statement.
U.K.’s ICO is also considering going against Cambridge Analytica’s parent company SCL Elections and CA’s ex-CEO. The social network is also facing a probe by the U.S. Federal Trade Commission (FTC) where a fine can be proposed as well.
Following all the scandalous privacy-related events, Facebook announced in April launching a Data Abuse Bounty program where people will be rewarded for reporting misuse of data by application developers. The Data Abuse Bounty was inspired by the already existing bug bounty program that Facebook uses to uncover and address security issues, and should will help in the disclosure of violations of the platform’s policies.