Facebook is facing a £500,000 fine in the United Kingdom over its role in the Cambridge Analytica data scandal.
On Wednesday, the UK’s Information Commissioner’s Office (ICO) said the fine is the maximum amount permitted under UK law and has been imposed due to two breaches of the Data Protection Act 1998.
The UK data watchdog also intends to launch a criminal prosecution against SCL Elections Ltd, Cambridge Analytica’s now-defunct parent company, for failing to properly deal with the ICO’s investigation.
The data-harvesting escapades of Cambridge Analytica, which impacted up to 87 million users in the US, UK, and beyond, has been the focus of a recent ICO investigation.
Information was “improperly shared” with the company, without user consent, for the purpose of voter profiling.
According to an ICO update on the investigation published by Information Commissioner Elizabeth Denham, the agency has concluded that “Facebook contravened the law by failing to safeguard people’s information […] the company failed to be transparent about how people’s data was harvested by others.”
TechRepublic: Facebook F8: The breakdown for IT pros
Facebook has the opportunity to respond to the watchdog’s findings, after which a final decision on the £500,000 fine will be made.
The fine has been imposed under UK law before the formal introduction of the EU’s General Data Protection Regulation (GDPR) due to the timing of the scandal.
The social network giant told the BBC that the company will respond to the report “soon.”
“Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” said Denham. “New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness, and compliance with the law.”
The Information Commissioner added that fines and prosecutions are part of the process, but her true intent is to “effect change and restore trust and confidence in our democratic system.”
See also: If Facebook worked we wouldn’t be in this mess | Trump-linked data firm Cambridge Analytica harvested data on 50 million Facebook profiles to help target voters | Data breach exposes Cambridge Analytica’s data mining tools | How Cambridge Analytica used your Facebook data to help elect Trump | Cambridge Analytica: The future of political data is in the enterprise | Cambridge Analytica: ‘We know what you want before you want it’ | Election tech: The truth about the impact of political big data
In addition to the intended fine, the ICO has also turned its gaze towards 11 political parties, demanding their agreement to audits of their data protection practices.
Aggregate IQ, a Canadian marketing firm linked to the Leave campaign, has also received an enforcement notice to stop processing data retained and belonging to UK citizens.
Concerns have been raised against Emma’s Diary. The ICO says it intends to take regulatory action against the data broker, which is used by the Labour party.
The ICO has also called for the UK government to introduce a code of practice which outlines how personal data can be used in future political campaigns.
CNET: Twitter, Facebook, Instagram scammers swindle superfans, report finds
Previous and related coverage
Adjust these Facebook privacy settings to protect your personal data How to tell if Cambridge Analytica accessed your Facebook data How Facebook scales AI
Government – UK