Facebook given another maximum fine for breaches of data protection law

This morning, the ICO announced issued a fine to Facebook for the misuse of personal data in regards to political advertising. The ICO had been investigating claims that, between 2007-2014, Facebook “processed the personal information of users unfairly by allowing developers access to their information without sufficiently clear and informed consent”.

In practice, this meant those who were friends with anyone who had downloaded a particular app had their information taken by the app’s developers. This meant that the data of 87 million people worldwide had their data processed by app developers without their knowledge and also had their data shared with 3^rd parties, including Cambridge Analytica.

Furthermore, the ICO concluded that Facebook had not taken adequate action to redress the situation once they had discovered the actions of the developers.

ICO Commissioner, Elizabeth Denham, said:

“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.

“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”

This fine highlights the important debate surrounding how data is used ethically today. The DMA continues to conduct research in this area and contribute to discussions in industry and government.

Chris Combemale, Group CEO of the DMA:

“All businesses must be upfront and transparent about how they collect and use their customers’ data. The benefits of sharing data must also be clear and the consumers must be in control. We know people want this – research the DMA conducted earlier this year found 88% of people in the UK want more transparency around how their data is used. We outline how businesses can do this in our own Code, which calls for all DMA UK members to be accountable for how they use personal data. This is a key challenge that all businesses need to address if they are to build trust with consumers and long-term relationships that can benefit both the business and the customer.”