The UK Information Commissioner’s Office (ICO) followed through with its plan to fine Facebook £500,000 ($645,000 or AU$912,000) over the harvesting of users’ data.
It said in its penalty notice that data from at least one million British users was “unfairly processed” and that Facebook “failed to take appropriate technical and organisational measures” against it.
The fine is the maximum amount allowed under the Data Protection Act 1998. The ICO issued back in July.
“We are currently reviewing the ICO’s decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” a Facebook spokesperson said in an emailed statement.
“We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica.”
The fine is a fraction of the amount Facebook could have faced if the General Data Protection Regulation (GDPR) — the EU law that gives its citizens more control over their personal data — had been in effect when the data was shared. It would’ve allowed for a maximum fine of 20 million euros or 4 percent of a company’s annual global revenue from the year before, whichever is higher.
The social media giant’s annual revenue in 2017 was nearly $40 billion, resulting in a possible fine of $1.6 billion under the GDPR rules.
The ICO didn’t immediately respond to a request for further comment.
On Wednesday, Erin Egan, Facebook’s chief privacy officer, told a privacy conference at the European Parliament in Brussels that the company would support comprehensive federal privacy regulation in the US.