£500,000 fine for data protection breaches intended for Facebook

The action is a result of the ICO’s investigation into political campaigners’ use of personal data. In particular in 2014- 2015 Facebook allowed an app to be used by Cambridge Analytica for psychological profiling.

The ICO found that Facebook had breached its own rules and failed to safeguard user’s data and was not transparent as to how the data could be used.

The fine Facebook is to receive is the maximum penalty allowed under the Data Protection Act 1998 but is unlikely to greatly financially impact the £445bn company. It is worth noting that maximum fines under the General Data Protection Regulation (GDPR) which came into force this year are far higher (20 million euros or 4 percent of global turnover) but this legislation was not in force at that time.  The information commissioner has said that the fine could have been hundreds of millions of pounds had the events happened after the implementation of the GDPR.

Whilst Facebook face a fine, Cambridge Analytica’s parent company face criminal prosecution for failing to deal with the ICO’s enforcement notice. This company has now been declared bankrupt.

These incidents highlight the reputational and economical risks a business faces if it doesn’t comply with data protection legislation. In particular, it looks at the developing idea of behavioural targeting of commercial entities and the lack of awareness that users have over how they can be targeted.

If you or your business are still unsure on whether your practices are GDPR compliant, please contact a member of the Employment Team who will be happy to discuss this.

This content is correct at time of publication