Cambridge-Analytica Fiasco Aftermath: Facebook to pay $645,000 Fine under UK Law

The fallout against Facebook has started, caused by the user data exposure breach due to its Cambridge-Analytica fiasco, starting with the UK’s ICO (Information Commissioner’s Office). ICO has slapped the social media giant a whopping $645,000 of initial fines due to the breach, under the 1998 UK Data Protection Act, the security breach also affects UK citizens. $645,000 is a tiny amount for Facebook; it signifies how the UK treats its Data Protection Act very seriously.

From Facebook’s point-of-view, they are facing the issues head-on without any prejudice to the decision of the ICO. “We are currently reviewing the ICO’s decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015. We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica. Now that their investigation is complete, we are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received,” explained Facebook.

The reality behind the fine is Facebook’s luck, as the United Kingdom is in the process of Brexit, the ICO has not used the GDPR against the social media giant. Under GDPR, a regional law covering all the member states of the European Union, the maximum fine for a breach is 4% of Facebook’s global revenue. That can be an approximate $1.6 billion hole in Facebook’s pocket, which it will surely be felt even by a multibillion-dollar company such as Facebook.

The ICO has used the three questions below to fully determine that Facebook is guilty and needs to be fined accordingly:

1. Who had access to the Facebook data scraped by Dr. Kogan, or any datasets derived from it?
2. Given Dr. Kogan also worked on a project commissioned by the Russian Government through the University of St Petersburg, did anyone in Russia ever have access to this data or datasets derived from it?
3. Did organizations who benefited from the scraped data fail to delete it when asked to by Facebook, and if so where is it now?

Damian Collins, the House of Common’s chair of the Digital, Culture, Media and Sports Committee has focused the issue with Facebook’s culpabilities under UK law. “Given that the ICO is saying that Facebook broke the law, it is essential that we now know which other apps that ran on their platform may have scraped data in a similar way. This cannot by the left to a secret internal investigation at Facebook. If other developers broke the law we have a right to know, and the users whose data may have been compromised in this way should be informed. Facebook users will be rightly concerned that the company left their data far too vulnerable to being collected without their consent by developers working on behalf of companies like Cambridge Analytica. Facebook needs to provide answers on these important points. Facebook’s response during our inquiry has been consistently slow and unsatisfactory. The receivers of SCL elections should comply with the law and respond to the enforcement notice issued by the ICO. It is also disturbing that AIQ has failed to comply with their enforcement notice,” concluded Collins.