Britain’s data and information watchdog has fined Facebook more than $644,000 for serious breaches of data protection laws.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” Elizabeth Dunham, the UK’s information commissioner, said in a statement Thursday. “A company of its size and expertise should have known better and it should have done better,” she added.
The £500,000 fine is the maximum penalty under the law at the time the Information Commissioner’s Office (ICO) concluded an investigation into the social network following the Cambridge Analytica revelations.
The regulator found that between 2007 and 2017, Facebook unfairly allowed third party developers access to the private data of users without informed consent, and failed to make adequate checks on apps and developers using its platform.
“We are currently reviewing the ICO’s decision. While we respectfully disagree with some of their findings … we are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica,” a Facebook spokesman told ABC News.
“We are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received,” the Facebook spokesperson added.
The Cambridge Analytica scandal earlier this year revealed that one developer, GSR, harvested private data from up to 87 million Facebook users around the world without their knowledge.
Some of this data was then shared with other organizations including SCL Group, the parent company to data analytics firm Cambridge Analytica which worked on digital political campaigning in the 2016 election.
The story was originally reported in a Guardian investigation after a Cambridge Analytica whistleblower described how the firm allegedly compiled data from Facebook to target voters.
Cambridge Analytica, which was dissolved after the investigation was opened, said in May: “No data from GSR was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign.”
In the U.K., the ICO found that at least 1 million British users were among those whose private data had been compromised.
