UK ICO fines Facebook with maximum for Cambridge Analytica scandal
26.10.2019 securityaffairs
Social

Facebook has been fined £500,000 by the UK’s Information Commissioner’s Office (ICO) for the Cambridge Analytica privacy scandal that exposed data of 87 million users.
The announcement was made by the UK’s data protection regulator, Information Commissioner Elizabeth Denham.

“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.” she said.

This is the first possible financial punishment that Facebook was facing for the Cambridge Analytica scandal.

According to the ICO data from at least 1 million British citizens was “unfairly processed,” the organization blames Facebook because it has “failed to take appropriate technical and organisational measures” to prevent the abuse of users’ data.

The ICO also accused Facebook to have “failed to make suitable checks on apps and developers using its platform.”

“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had,” states the ICO.

“Even after the misuse of the data was discovered in December 2015,” continues the ICO, “Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”

Facebook Data Breach

Social network giant announced it is reviewing the ICO’s penalty and is asking to access Cambridge Analytica servers to analyze data they collected.

“We are grateful that the ICO has acknowledged our full co-operation throughout their investigation and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica,” a Facebook spokesperson said.

“Now that their investigation is complete, we are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received.”

I personally believe that this fine is just symbolic if we compare it with potential penalties faced by the social network giant under EU’s General Data Protection Regulation (GDPR). GDPR establishes a maximum fine of 20 million euros or 4% of company annual global revenue (roughly£1.26 billion).