An ICO investigation found that between 2007 and 2014, Facebook “processed the personal information of users unfairly” for a number of reasons related to data protection and data consent. It’s not the first fine Facebook has been handed, having previously had to pay up to the EU for its shady tax affairs, but it is one of the first for its inappropriate use of user data. So, what does this mean for Facebook? What does it mean for social networks? And why’s the fine so darned small?
Why Did Facebook Get Fined?
It’s all to do with Cambridge Analytica, the data analytics company believed to have helped propel Trump to the White House and push the UK out of the EU. During the ICO’s investigation of Facebook, it found that: These failings allowed Dr Aleksandr Kogan, a Moldovan-born data scientist, and his company GSR to create the app which harvested the Facebook data of up to 87 million people around the world without their knowledge. Some of this data was then shared with organisations including Cambridge Analytica, which went on to use it for targeted political campaigning in the US. But Facebook’s big failing was that even after it discovered the misuse of data in December 2015 it didn’t take nearly enough action to put a stop to it. In fact, Facebook didn’t suspend Cambridge Analytica’s parent company, SCL Group, from the platform until March this year. All told, it’s a big black mark against Facebook. It didn’t do enough to protect its users’ data, and when it found out the data was being misused, it didn’t act quickly or fully enough to stop it.
Why Was the Fine so Small?
Basically, Facebook got lucky. As the incidents took place before May 2018, the ICO couldn’t operate under the new EU-wide GDPR rules; instead, it had to work under the UK-specific Data Protection Act 1998. This bit of legalese basically means that the ICO could only issue Facebook a fine of up to £500,000. The agency first announced that it planned to punish Facebook in July, and despite the social network’s efforts to fight the agency’s decision, the ICO went ahead with the fine. If the ICO had been able to prosecute Facebook under the new GDPR ruling, the consequences would have been severe. The maximum fine allowed under GDPR is either £17 million (nearly $22 million) or 4% of global turnover; in Facebook’s case, this could run to several billion dollars.
What is the ICO?
The ICO, according to its website, is “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.” In practice, it’s the authority’s job to cast a watchful eye over the way companies, organizations and UK government institutions use data. So if a company collects personal data from inside the UK, or from people in the UK, the ICO should — in theory — be watching it. Read More About Dodgy Data Use:
How Facebook is Flagging False NewsIs Artificial Intelligence Doomed To Reflect The Worst In All Of Us?Politicians Are Too Out of Touch to Make Laws About TechGoogle Shutting Down Google+ Social Network After Massive Data Breach