UK privacy watchdog fines Facebook £500k

12 Jul 2018

Information Commissioner Elizabeth Denham this week released her office’s updated report into the use of data in political campaigns (10 July 2018).

The Commissioner subsequently announced a record-breaking fine of £500,000 against Facebook, reflecting Ms Denham’s view of the seriousness of Facebook’s breaches.

You will recall that in March 2017, amid some controversy surrounding the use of personal data in political campaigns, the ICO commenced an investigation into whether personal data had been misused by both “Leave” and “Remain” sides of the referendum on EU membership.

In May 2018 the ICO widened the scope of its inquiries. The ICO was now looking at data analytics companies, political parties and the large social media platforms.

The updated report gives more particulars of the individuals and entities under investigation, as well as ICO Enforcement measures to date.

To recap: Cambridge Analytica and Facebook have been at the centre of the inquiry since February this year, when, spectacularly, the scandal broke. In short, evidence came to light that an app had been created and deployed to “harvest”, or gather,  the personal data of an estimated 50 million Facebook users across the world. Later this figure rose and is now estimated at 87 million.

The ICO’s inquiry concluded that Facebook broke the law by failing to take adequate steps to safeguard user’s personal data. The ICO went on to state that this failure was compounded by the ICO’s finding that Facebook lacked transparency about how this breach occurred.

Facebook has now been fined £500,000. They will have a right to make representations to the Commissioner’s Notice of Intent. The decision will then be finalised.

The ICO has also undertaken the following enforcement actions [source ICO office 11.07.18):

(1) warning letters to 11 political parties and notices regarding audits of their data protection policies;

(2) Enforcement Notice for SCL Elections Ltd;

(3) Criminal proceedings for SCL Elections Ltd;

(4) Enforcement Notice for Aggregate IQ to cease and desist processing retained personal data of UK citizens;

(5) Notice of Intent against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and

(6) audits of the main credit reference companies and Cambridge University Psychometric Centre

When interviewed on the BBC Radio 4’s Today programme (11 July 2018), Ms Denham indicated the fine would have been significantly higher had the new GDPR regulations been in force at the time of the breaches.

Further reading

Permitted Development Rights and the revised NPPF: Article 4 directions

Blog, Legal Updates
A revised National Planning Policy Framework has just been published. Holly Stevenson focuses on the change to Article 4 Directions
Read more Read

Can commercial lessees now ‘relax’ given the extended Government moratorium on forfeiture for non payment of rent?

Legal Updates
Property Litigation Partner, Keith Pearlman, doesn't think so and explains why they could be in for a nasty shock from 1 October of this year
Read more Read

Excluding and limiting liability: How to play your cards right

John Yates considers the art of crafting clauses to reduce risk
Read more Read

Update on the rules concerning the changes to Crown Preference

Blog, Legal Updates
As corporate insolvencies remain low, a clear picture of how the partial reintroduction of Crown Preference is likely to impact on businesses, and on lender practices, has yet to emerge. Oliver Jackson provides an update
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch