Facebook receives $664,000 UK privacy fine, which could have been $1.9B under GDPR
A US FTC investigation could also bring billions more in potential penalties.
Facebook has received a £500,000 fine ($664,000) in the UK resulting from the Cambridge Analytica data-harvesting scandal. The fine was imposed, according to the Information Commissioner’s Office (ICO), because Facebook failed to properly safeguard user information from third-party exploitation or be transparent about how personal data was potentially being used.
The revelations surrounding Cambridge Analytica and its mining of Facebook data in support of Brexit and the Trump election campaign came in March of this year. The fallout continues in Europe and the US.
Authorized under UK data protection law, the £500,000 fine was the maximum allowed given the timeline of events (2015-2016). However, had the events in question occurred after May 25 of this year, when Europe’s General Data Protection Regulation (GDPR) went into effect, the penalty could have been much more severe: up to almost $2 billion (4 percent of Facebook’s annual revenues).
The ICO fine comes in the midst of a broader investigation of data harvesting and usage by a wide range of organizations in the UK. Facebook itself continues to face various European investigations and lawsuits over privacy and data practices and could potentially see more financial penalties.