Facebook is facing its first possible financial penalty for its role in the Cambridge Analytica scandal that saw the personal data of millions of users harvested without their knowledge.
The social media giant was hit with a £500,000 ($663,000) fine for the data breaches – the maximum allowed – by the UK’s Information Commissioner’s Office (ICO) on Wednesday.
When handing down the penalty the UK’s data protection watchdog stated: “Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.”
The fine — the first tangible punishment handed down to Facebook in the wake of the scandal — is for two breaches of the UK’s Data Protection Act 1998.
While the potential fine will be viewed as a pittance for Facebook — a view reinforced by the first quarter report that put the company’s earnings at $11.97 billion for the period — it is a warning of sorts to other companies of what may lie in store if they do not adhere to the new General Data Protection Regulation (GDPR).
Due to the timing of the breaches the ICO was unable to hit the company with much tougher penalties introduced by this new legislation directive, which could have resulted in fines of up to 4% of Facebook’s global turnover – an estimated $1.9 billion.
Elizabeth Denham, the UK’s Information Commissioner said, “Facebook has failed to provide the kind of protections they are required to under the Data Protection Act.” She added, “People cannot have control over their own data if they don’t know or understand how it is being used. That’s why greater and genuine transparency about the use of data analytics is vital.”
Facebook has a chance to respond to the Commissioner’s Notice of Intent, after which a final decision will be made, reads the statement.