The Facebook/Cambridge Analytica data breach has been significant both for data privacy and for politics. On 10 July 2018, the Information Commissioner’s Office published a progress report on its investigations into this specific breach and the wider landscape of personal data use (and misuse) in the political arena.

The notice of intention to levy a £500,000 fine against Facebook for failure to safeguard data and to be transparent with subjects about data use, has of course garnered the most attention. It should be noted that similar findings in relation to a breach covered by the GDPR could have exposed Facebook to a maximum fine of 4% of the company’s global turnover, equating to £479m or $635m.

But equally significant are the indications that further scrutiny will fall on the political parties and campaign groups who until now have used the data harvested by these activities, and the data brokers who have facilitated that access. Even Cambridge Analytica’s defunct parent SCL Elections does not look likely to escape unscathed. Despite filing for insolvency, it looks set to be in the firing line for criminal sanctions.

The consequences of this story look set to unfold for some time to come.