This week Facebook received a £500,000 fine over the Cambridge Analytica scandal. When taking into consideration the scale of data breach this might seem like a slap on the wrist, however, under the old GDPR laws, this is the maximum possible fine that could be imposed.
The information Commissioner’s Office (ICO) stated that Facebook had let a “serious breach” of the law take place while giving developers access to people’s data “without clear consent.” The ICO had already made its intentions to issue the maximum fine back in July of 2018.
In a statement about the fine, the ICO said “between 2007 and 2014, Facebook possessed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.” Continuing “Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform.”
What was the Cambridge Analytica data scandal?
A researcher going by the name of Dr Aleksandr Kogan, and his company GSR created and used a personality quiz on Facebook to harvest the data of 87 million users of the site. Some of this data was shared with a company called Cambridge Analytica, which was using the data to target political advertising in the USA.
How was the data misused?
- A Facebook quiz quiz invited users to find their personality type.
- The app collected data of the user taking the quiz and the public data of their friends.
- Up to 87 million users data was gathered but only 305,000 people had installed the app.
- Claims arose some of the data was sold to Cambridge Analytica, which used the data to psychologically profile US voters.
- Cambridge Analytica denies breaking any laws and states it did not use the data during the US presidential election.
- Facebook send users notices to inform them if their data was breached.
More than one million people in the UK had their data harvested by the personality quiz, the ICO had found.
Elizabeth Denham, an ICO commissioner said, “A company of its size and expertise should have known better and it should have done better”