Facebook fined for Cambridge Analytica scandal
Company’s $645K penalty is biggest fine allowed under EU’s old rules
BRUSSELS— Facebook Inc. was slapped with a symbolic $645,000 (U.S.) fine by the U.K.’s privacy regulator for “serious” violations of data protection rules that paved the way for the Cambridge Analytica scandal.
The fine is the highest possible for the Information Commissioner’s Office under old rules that predated this year’s European Union revamp of privacy penalties.
The ICO said that between 2007 and 2014, “Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent.”
The revelations that data belonging to millions of Facebook users and their friends may have been misused triggered a global backlash from investors and regulators. The ICO has led the European investigations into how such an amount of data — most belonging to U.S. and U.K. residents — could have ended up in the hands of Cambridge Analytica, a consulting firm that worked on Donald Trump’s presidential campaign. “Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform,” the ICO said Thursday.
“These failings meant one developer, Dr. Aleksandr Kogan, and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge.” Kogan is the researcher who collected users’ information and subsequently sold it to Cambridge Analytica.
The U.K.’s privacy commissioner, Elizabeth Denham, who attended a privacy conference in Brussels on Thursday, said in the statement that “a company of its size and expertise should have known better and it should have done better,” referring to the social-network giant.