Facebook in probe over data use
A TOTAL of 30 organisations, including Facebook, are being investigated by the Information Commissioner’s Office (ICO) as part of its probe into the use of personal data for political purposes.
A day after the social media giant said 87 million people – including more than one million Britons – could have had their profile information “improperly” shared with Cambridge Analytica (CA), the ICO confirmed it was investigating how the data was collected and made available to the political research group.
Information Commissioner Elizabeth Denham said the ICO was also “conducting a broader investigation into how social media platforms were used in political campaigning” and said she would be “making clear public policy recommendations to help us understand how our personal data is used online and what we can do to control how it’s used”.
The body – which has the power to prosecute or fine any companies that it believes have breached data protection laws – said it was not releasing a full list of the 30 organisations under investigation, but confirmed that Facebook and CA are among them.
Ms Denham added: “Facebook has been co-operating with us and, while I am pleased with the changes they are making, it is too early to say whether they are sufficient under the law.”
Shortly before yesterday’s announcement, Culture Secretary Matt Hancock tweeted that he would be meeting with Facebook next week and said: “I expect Facebook to explain why they put the data of over a million of our citizens at risk. This is completely unacceptable, and they must demonstrate this won’t happen again.” CA has been warned it could face compensation claims from affected Facebook users if it is established that it used their data for political purposes “without having a lawful basis for doing so”.
Sean Humber, an information lawyer from law firm Leigh Day, said: “Ultimately, people have a legal right to know if Cambridge Analytica hold information about them and, if they do, what information they hold and what they have done with it. If there is no adequate response to these requests, legal action can be taken to require them to comply.”
CA said it is “not a data controller for any information on UK citizens” and is not in breach of the Data Protection Act, adding that it had deleted all the data from research company GSR, which collected it using a personality app.
“Cambridge Analytica deleted all GSR data and its derivatives after we were told that Facebook’s terms of services had been broken, and we certified this to Facebook,” it said in a statement.
Facebook will next week begin getting in touch with users whose information may have been improperly shared with CA.
Aside from the CA scandal, Facebook is under scrutiny after revealing that “most” of its two billion users could have had their public profile harvested for information after the company said “malicious actors” had abused a feature that allowed individuals to search for people by their phone number or email address.
Facebook founder Mark Zuckerberg is due to address the US Congress next week but will not appear in front of UK MPs, despite repeated requests to do so by Damian Collins, chairman of the Commons Digital, Culture, Media and Sport Committee.
It is too early to say whether they are sufficient under the law. Information Commissioner Elizabeth Denham on changes made by Facebook.