The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.
The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.
The Information Commissioner said that the investigation is attempting to rebuild trust in the democratic process, that the use of technology to target individual voters should not threaten “transparency, fairness and compliance with the law.” It is the most significant investigation ever conducted by ICO.
We can’t help but wondering whether a £500,000 fine will register an effect on a multi-billion dollar company! No doubt it is loose change compared to their overall spend on addressing this scandal. Given the timing of the breaches, the ICO was unable to levy higher penalties permitted under the new European GDPR law. In any event, Facebook does not appear to be out of the woods yet – the ICO said that it would also be investigating Facebook’s use of interest categories for targeted advertising and its Partner Categories Service.