The Information Commissioner’s Office intends to fine Facebook £500,000 – the maximum penalty allowed – for failing to safeguard users’ data, but that fine would be significantly larger under the new GDPR regime.
The social media giant is being fined for breaching data protection laws and not telling tens of millions of people how Cambridge Analytica harvested their information for use in political campaigns.
Commenting on the news, Christopher Littlejohns, EMEA manager at Synopsys, said: “The intended £500K fine imposed on Facebook for the Cambridge Analytica scandal is a salutary lesson to companies operating within the European region. The underlying contraventions are considered by regulatory authorities to be on the top end of the scale of violations of data privacy. Should this or a similarly grave issue happen now, fines within the new GDPR regime could easily cost Facebook $100’s of millions of dollars of revenue.
“Such fines are potentially so large they can significantly affect operating margin, and ultimately share prices of large companies. Personal data collectors and aggregators are particularly at risk to these issues, due to the scale and value of the data they collect; and consequently should be extremely vigilant and diligent in their custodianship of such data.
“Companies that do not undertake effective risk analysis, data privacy management, ongoing diligence, and open communication with users and authorities when breaches occur will potentially face severe business impediments at best, and existential threats at worst.”
Data was gathered by Facebook in 2014 through a personality quiz, which collected data on those taking the quiz and on their friends. It is claimed that some of that data was sold to Cambridge Analytica to help psychologically profile voters in the United States.
The BBC reports that Facebook has said it will respond to the ICO report “soon”.