UK Privacy Office to Issue Maximum Fine for Facebook Over Cambridge Analytica
The United Kingdom Information Commissioner’s Office intends to fine Facebook the maximum allowed under the law for its role in the Cambridge Analytica scandal. According to the ICO, Facebook failed to ensure that the company deleted users’ data and breached its own internal rules.
The ICO began its investigation into the use of personal data by political campaigners about 16 months ago following concerns raised by a Cambridge Analytica employee and others. The news about Facebook and Cambridge Analytica broke in the United States in March and Congress heard testimony from Facebook CEO Mark Zuckerberg in April.
ICO also intends to bring a criminal action against the parent company of Cambridge Analytica, SCL Elections. SCL Elections and Cambridge Analytica filed for bankruptcy earlier this year and shut down as a result of lost clients and legal fees.
The fine of £500,000 is the maximum allowed under the old privacy law in the UK. The maximum fine has been raised under the European Union General Data Protection Regulation (GDPR) to €20 million or 4% of annual global revenues, whichever is higher. Under GDPR, the fine could have been as high as $1.6 billion, based on Facebook’s 2017 revenue of $40.6 billion. Facebook is already facing inquiries about its use of forced consent under the GDPR.
Experts have predicted that the fine from the United States Federal Trade Commission (FTC) over Cambridge Analytica could run into the billions. Facebook agreed to a consent order with the FTC in 2011 to settle a prior investigation into allegations of misconduct with respect to data privacy. The FTC has already confirmed that it is conducting a non-public investigation into privacy practices at Facebook. In the Congressional hearings in April, Zuckerberg indicated that the social networking company did not notify the FTC about Cambridge Analytica.
Since Cambridge Analytica, there have been other privacy problems at Facebook, including revelations that the company allowed nearly sixty phone and device manufacturers access to an API with user data despite telling the world that it shut down third-party access to a substantial amount of user data several years ago.
Congress is also considering legislation to reform how privacy is handled online by websites and mobile applications. California recently took matters into its own hands and adopted the California Consumer Privacy Act to ensure that consumers in CA had the right to opt out of the sale of their personal information as well as the right to request its deletion by companies.
The ICO fine will likely be followed by announcements of fines by other EU countries. There is no timetable for the imposition of fines by either the EU or the United States.