The Information Commissioner’s Office (ICO) has issued a maximum fine of £500,000 to Facebook for the first time for data protection mistakes which resulted in the Cambridge Analytica scandal.
The fine was imposed based on the calculation using the UK’s old Data Protection Act 1998 which can levy a maximum penalty of £500,000 which is actually equal to the amount Facebook earns every 18 minutes.
The news was however not a surprise as U.K.’s data privacy watchdog has notified Facebook in July that the commission was about to issue the a fine.
It was revealed earlier this year, that personal information of 87 million users was inaccurately gathered and misused by political consultancy firm Cambridge Analytica, who was reportedly helped Donald Trump win the US presidency in 2016. Since then Facebook was under inspection.
The ICO launched an investigation on the Cambridge Analytica scandal in March and they claim that around 1 million British citizens data were “unfairly processed.” Facebook could not take technical and organizational measures to prevent the data from getting into the wrong hands.
Based on the investigation conducted by the ICO between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without any proper consent. They even permitted access even of those users who had not downloaded the app, but were just ‘friends’ with people who had.
Facebook failed to properly check the apps and developers using its platform that led to the exposure of personal data of up to 87 million people worldwide without their awareness.
As a response to the ICO’s announcement, Facebook said that they are reviewing the ICO decision. According to a Facebook spokesperson, ICO has acknowledged the company’s full co-operation throughout their investigation and ICO have confirmed that they could not find any evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica.
The investigation process has been completed and the tech giant believes that the ICO will permit them to have access to CA servers to audit the data they received.
The fine of £500,000 fine is just a drop in the ocean for a company like Facebook which has £31.5 billion as global revenue.
If the issue was under the EU’s General Data Protection Regulation (GDPR), the penalty would have been even more for these types of data breaches where a company can face a maximum fine of 20 million euros or 4% of its annual global revenue, whichever is higher.