Facebook has been fined £500,000 by the Information Commissioner’s Office in the wake of the Cambridge Analytica scandal, after allowing third party developers to access user information without sufficient consent.
The ICO announcement on Thursday upholds its initial decision in July. The fine, which represents a drop in the ocean for a company that brought in $40.7bn (£31.5bn) in global revenue in 2017, was the maximum available to the regulator under old data protection legislation.
The ICO found that the personal information of at least 1 million UK users was among harvested data and was consequently put at risk of further misuse. It also insisted that the company could have faced a substantially higher fine of up to £1.2bn under the new regulatory system.
The investigation found that Facebook failed to keep the personal information of its users secure by failing to make suitable checks on developers using its platform.
These failings meant one developer, Aleksandr Kogan, was able to convince 300,000 people to install a personality testing application that fed back the Facebook data of both users and their friends, enabling him to harvest the profiles of up to 87 million people worldwide without their knowledge.
A subset of the data was later shared with other organisations, including SCL Group, the parent company of Cambridge Analytica, which was involved in running targeted Facebook adverts in US political contests, only to collapse earlier this year following a series of reports by the Observer.
The investigation also concluded, based on information provided by Facebook, that it did not currently have any evidence that British users’ social media data was shared with Cambridge Analytica.
However, the information commissioner said that in any eventuality the lack of controls meant the data of UK residents was “put at serious risk” of being used for political campaigning – even if this did not actually take place.
“Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion,” said the ICO report. “In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”
For more read the full of article at The Guardina