The British Information Commissioner’s Office (ICO) levied the toughest fine possible — 500,000 pounds (or about $660,000) — against Facebook for allowing Cambridge Analytica to harvest the personal data of millions of people without their consent. The ICO, the agency that enforces the United Kingdom’s data protection laws, began investigating Facebook’s possible misuse of personal data in May 2017, but revelations of the Cambridge Analytica incident spurred it to complete its examination.
The New York Times reports that the ICO, in its initial report, concluded that, “Facebook contravened the law by failing to safeguard people’s information,” and that the company “failed to be transparent about how people’s data was harvested by others.” The report blames “both sides of the Brexit campaign for misusing online data to reach highly categorized segments of voters, and called for stricter policies to ensure the Internet is not misused in future elections.”
In the U.S., with regards to the Cambridge Analytica scandal, Facebook is facing scrutiny from the Justice Department, the FBI, the Securities and Exchange Commission, and the Federal Trade Commission.
The ICO is also pursuing criminal prosecution of SCL Group, “the company from which Cambridge Analytica was spun out, for not properly dealing with the agency’s enforcement actions.” Aggregate IQ, another company linked to Cambridge Analytica, also “faces punishment for its involvement.” The ICO said it is continuing its investigation.
The U.K. fine is Facebook’s first penalty with regards to this case, and Facebook “will have a chance to respond to the Information Commissioner Office’s initial report.” In a written statement, Facebook chief privacy officer Erin Egan reiterated, “we should have done more to investigate claims about Cambridge Analytica and take action in 2015.”
Wired reports that among the apps that had access to user data for six months after Facebook claimed it stopped this practice is Russian Internet behemoth Mail.ru. It was given a two-week extension “to wind down a feature on two messaging apps that enabled users to see their Facebook friend lists and message with people who also had the Mail.ru apps.”
During that time, the app had access to people’s friend lists, but “not any information about those friends’ likes or interests.” Facebook did report, however, that, “long before that extension was in place … Mail.ru ran hundreds of apps on the platform, all of which operated under Facebook’s old rules, which did allow app developers to collect their users’ friends’ data.”
Facebook is now investigating Mail.ru, “along with all other apps that had access to large quantities of user data prior to the changes.”