Britain’s data regulator has said it will fine Facebook half a million pounds ($660,000) for failing to protect users’ data, in an inquiry into whether personal information had been misused by campaigns on both sides of Britain’s 2016 EU referendum.
An investigation by the Information Commissioner’s Office (ICO) has focused on the social media giant since earlier this year, when evidence emerged that an app had been used to harvest the data of tens of millions of Facebook users worldwide.
In a progress report early Wednesday the watchdog said it plans to issue Facebook with the maximum fine available to it for breaches of the Data Protection Act.
“The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information,” it said, adding that the company had “failed to be transparent about how people’s data was harvested by others”.
Facebook has admitted that up to 87 million users may have had their data hijacked by British consultancy firm Cambridge Analytical, which was working for US President Donald Trump’s 2016 campaign.
Cambridge Analytical, which denies the accusations, has since filed for voluntary bankruptcy in the United States and Britain.
“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” Information Commissioner Elizabeth Denham said in the statement.
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
In May, Facebook chief Mark Zuckerberg apologized to the European Parliament for the “harm” caused by a huge breach of users’ data and by a failure to crack down on fake news.
The EU in May launched strict new data-protection laws allowing regulators to fine companies up to 20 million euros ($24 million) or four percent of annual global turnover.
But the IOC said because of the timing of the incidents involved in its inquiry, the penalties were limited to those available under previous legislation.
The next phase of the ICO’s work is expected to be concluded by the end of October.
“As we have said before, we should have done more to investigate claims about Cambridge Analytical and take action in 2015,” Erin Egan, chief privacy officer at Facebook, said.
“We have been working closely with the ICO in their investigation of Cambridge Analytical, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.”
The British fine comes as Facebook faces a potential hefty compensation bill in Australia, where litigation funder IMF Bentham said it had lodged a complaint with regulators over the Cambridge Analytical breech — thought to affect some 300,000 users in Australia.
IMF investment manager Nathan Landis told The Australian newspaper most awards for privacy breaches ranged between Aus$1,000 and Aus$10,000 (US$750-$7,500).
This implies a potential compensation bill of between Aus$300 million and Aus$3 billion.