Facebook must pay UK's ICO £500,000 over the pre-GDPR Cambridge Analytica scandal
Facebook has been formally fined £500,000 by the UK's Information Commissioner's Office (ICO) over its role in the Cambridge Analytica scandal. On Thursday, the ICO said the fine is now final and cannot be changed.
The fine has been imposed in connection with a data-sharing scandal that led to the abuse of data belonging to up to 87 million users in the UK, US, and beyond. The ICO's investigation found that between 2007 and 2014, Facebook permitted the "unfair" sharing of user data with developers without "clear and informed consent." "Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform," the UK regulator said. "Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion."
The ICO said in July that in addition to the fine, the regulator plans to launch a criminal prosecution against SCL Elections Ltd, Cambridge Analytica's now-defunct parent company, after the company failed to work with the ICO during its investigation into the scandal. The ICO has only been able to issue a fine under the Data Protection Act (DPA) as the breach occurred before May 25, 2018, the day that the EU's General Data Protection Regulation (GDPR) came into force. Under the new rules, however, any new breaches can result in companies being fined up to €20 million or 4 percent of annual global turnover, whichever is higher.