UK data watchdog hits Facebook with maximum fine over Brexit breaches
‘Trust in the integrity of our democratic processes risks being disrupted because the average voter has little idea of what is going on behind the scenes’
London — Britain’s data regulator will fine Facebook £500,000 for failing to protect users’ data, in an inquiry into whether personal information was misused by campaigns on both sides of Britain’s 2016 Brexit referendum.
An investigation by the Information Commissioner’s Office (ICO) has focused on the social media giant since earlier this year, when evidence emerged that an app had been used to harvest the data of tens of millions of Facebook users worldwide.
In a progress report early on Wednesday the watchdog said it plans to issue Facebook with the maximum fine available to it for breaches of the Data Protection Act.
"The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information," it said. The company "failed to be transparent about how people’s data was harvested by others", it said.
Facebook has admitted that up to 87-million users may have had their data hijacked by British consultancy firm Cambridge Analytica, which was working for US President Donald Trump’s 2016 campaign.
Cambridge Analytica, which denies the accusations, has since filed for voluntary bankruptcy in the US and Britain.
"We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes," information commissioner Elizabeth Denham said in the statement.
"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."
In May, Facebook CEO Mark Zuckerberg apologised to the European Parliament for the "harm" caused by a huge breach of users’ data and by a failure to crack down on fake news.
The EU in May launched strict new data-protection laws allowing regulators to fine companies up to €20m or 4% of annual global turnover.
But the IOC said because of the timing of the incidents involved in its inquiry, the penalties were limited to those available under previous legislation.
The next phase of the ICO’s work is expected to be concluded by the end of October.
Facebook’s chief privacy officer, Erin Egan, said: "As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015.
"We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon."
The British fine comes as Facebook faces a potential hefty compensation bill in Australia, where litigation funder IMF Bentham said it had lodged a complaint with regulators over the Cambridge Analytica breech — thought to have affected about 300,000 users in Australia.
IMF investment manager Nathan Landis told The Australian newspaper most awards for privacy breaches ranged between A$1,000 and A$10,000 (US$750-$7,500).
This implies a potential compensation bill of between A$300m and A$3bn.