First Financial Penalty for Facebook: UK Slaps Maximum Fine Over Cambridge Analytica Scandal


The Silicon Valley tech giant is facing its first financial penalty as the United Kingdom has imposed the maximum penalty of £500,000 (around $664,000) over Facebook's Cambridge Analytica data misuse scandal.

The UK's data protection watchdog, the Information Commissioner’s Office, has found the company lacking sufficient privacy protections and failing to catch third party companies like Cambridge Analytica misusing its users' data despite warnings. "The social network has yet to decide if it will to try to reduce the sum," BBC reported this evening.

WhatsApp Message Reactions are Finally Available to All Users

The watchdog also plans to bring criminal charges against Cambridge Analytica's defunct parent company SCL Elections.

UK's message to Facebook? Break the laws, put millions of users at security risk, and then get away with just £500k

While the ICO has announced going for the maximum possible financial fine, the number could change following any discussions between the watchdog and the social networking monopoly. The Washington Post reported that an update to the case is expected later this year, in October.

The number could have been much more significant if this incident would have happened after the GDPR rules went live in May, which threatens the companies with up to 4% of their global annual sales as a penalty if they fail to protect their users. The ICO's fine is capped at the maximum of 500,000 pounds that it could go for under the previous privacy rules. While an insignificant amount for a tech giant, it could encourage several other similar charges from countries around the world.

"Facebook has failed to provide the kinds of protections they’re required to do under data protection laws,” Information Commissioner Elizabeth Denham said. The penalty “sends a clear signal that I consider this a significant issue, especially when you look at the scale and the impact of this kind of data breach."

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law." - Denham

In response to this announcement, Facebook said that it "should have done more to investigate claims about Cambridge Analytica and take action in 2015" when it was first informed about the incident but chose to push it under the rug. "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries," Erin Egan, Facebook’s chief privacy officer, added in his statement. "We’re reviewing the report and will respond to the ICO soon.”