Data breach – Facebook fined R9m
Britain’s data regulator said on Wednesday it would fine Facebook just under half a million pounds for failing to protect user data, as part of its investigation into whether personal information was misused before the Brexit referendum.
The Information Commissioner’s Office (ICO) began investigating the social media giant earlier in 2018, when evidence emerged that an app had been used to harvest the data of tens of millions of Facebook users worldwide.
In the worst public relations disaster yet for the company, Facebook admitted that up to 87 million users might have had their data hijacked by British consultancy firm Cambridge Analytica, which was working for US President Donald Trump’s 2016 campaign.
Cambridge Analytica, which also had meetings with the Leave.EU campaign ahead of Britain’s EU referendum in 2016, denies the accusations and has filed for bankruptcy in the United States and Britain.
“In 2014 and 2015, the Facebook platform allowed an app . . . that ended up harvesting 87 million profiles of users around the world that was then used by Cambridge Analytica in the 2016 presidential campaign and in the referendum,” information commissioner Elizabeth Denham said.
Wednesday’s report said: “The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information.”
It said the company had “failed to be transparent about how people’s data was harvested by others”.
The ICO said it planned to issue Facebook with the maximum available fine for breaches of the Data Protection Act – £490,000 (R8.7m).
Because of the timing of the breaches, the ICO said it was unable to impose penalties that had since been introduced by the European General Data Protection Regulation, which would cap fines at 4% of a company’s global turnover.
In Facebook’s case this would amount to about $1.6bn (R21.4bn).
“In the new regime, they would face a much higher fine,” Denham said. “We are at a crossroads. “Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” she said.
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.
“But this cannot be at the expense of transparency, fairness and compliance with the law.”
In May, Facebook chief Mark Zuckerberg apologised to the European Parliament for the harm caused.
EU justice commissioner Vera Jourova welcomed the ICO report.
“It shows the scale of the problem and that we are doing the right thing with our new data protection rules,” she said.
“Everyone from social media firms, political parties and data brokers seem to be taking advantage of new technologies and micro-targeting techniques with very limited transparency and responsibility towards voters,” she said.
“We must change this fast as no-one should win elections using illegally obtained data.
“We will now assess what can we do at the EU level to make political advertising more transparent and our elections more secure.” –