
U.K. imposes fines on Facebook

October 27, 2018 | Expert Insights

British regulators slapped Facebook with a fine of £500,000 ($644,000) for failing to protect the privacy of its users in the Cambridge Analytica scandal.

Cambridge Analytica had accessed crucial user data on Facebook without consent during the 2016 US Presidential Elections.

Background

Cambridge Analytica is a private company founded in 2013. It uses data mining (processes that extract patterns and knowledge from big data) and data analysis “to change audience behaviour”. Based out of London, the company has offices in the United States, Brazil, and Malaysia. Cambridge Analytica partnered with Donald Trump’s presidential election campaign. According to reports, Cambridge Analytica and its affiliate SCL have influenced over 100 campaigns over 5 continents.

Cambridge Analytica used personal data acquired from a number of sources, including Facebook, to create micro-targeting advertisements designed to influence opinions. CEO Alexander Nix was caught on tape claiming that the company does “a lot more” than just investigation, alluding to entrapment and bribery. According to records, the Trump campaign paid the firm over $6 million.

Last year, it was announced that the UK Information Commissioner’s Office was “conducting a wide assessment of the data-protection risk arising from the use of data analytics, including for political purposes.” It alleged that Cambridge Analytica used personal data to promote the agenda of the pro-Brexit campaign group Leave.EU.

Analysis

British regulators on Thursday slapped Facebook with a fine of £500,000 ($644,000) — the maximum possible — for failing to protect the privacy of its users in the Cambridge Analytica scandal.

The Information Commissioner’s Office found that between 2007 and 2014, Facebook processed the personal information of users unfairly by giving app developers access to their information without informed consent. The failings meant the data of some 87 million people was used without their knowledge.

“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, the information commissioner. “A company of its size and expertise should have known better and it should have done better.”

The ICO said a subset of the data was later shared with other organizations, including SCL Group, the parent company of political consultancy Cambridge Analytica. News that the consultancy had used data from tens of millions of Facebook accounts to profile voters and helped U.S. President Donald Trump’s 2016 election campaign ignited a global scandal on data rights.

The fine is the maximum allowed under the law at the time the breach occurred. Had the scandal taken place after new EU data protection rules went into effect this year, the amount would have been far higher — including maximum fines of £17 million or 4 percent of global turnover, whichever is higher.

“We are currently reviewing the ICO’s decision,” Facebook said in a statement. “While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015. We are grateful that the ICO has acknowledged our full cooperation throughout their investigation.”

Facebook also took solace in the fact that the ICO did not definitively assert that U.K. users had their data shared for campaigning. But the commissioner noted in her statement that “even if Facebook’s assertion is correct,” U.S. residents would have used the site while visiting the U.K.

Cambridge Analytica claims that it did not violate any of Facebook’s policies. “Cambridge Analytica only receives and uses data that has been obtained legally and fairly. Our robust data protection policies comply with US, international, European Union, and national regulations,” it said. The company added that none of the data from the incident was used for President Trump’s campaign.

Assessment

Our assessment is that this incident demonstrates the potential for firms to weaponize, exploit, and manipulate data. Democratic institutions are particularly vulnerable to these methods. As technology advances, governments must enforce legislation, as was done by the EU through the enactment of GDPR, to address such concerns as they emerge. We believe that governments across the world have to formulate new legislation and impose harsher punishment to address the shifting nature of social media as well as increasing threats to user data.
