UK privacy watchdog fines Facebook £500k

12 Jul 2018

Information Commissioner Elizabeth Denham this week released her office’s updated report into the use of data in political campaigns (10 July 2018).

The Commissioner subsequently announced a record-breaking fine of £500,000 against Facebook, reflecting Ms Denham’s view of the seriousness of Facebook’s breaches.

You will recall that in March 2017, amid some controversy surrounding the use of personal data in political campaigns, the ICO commenced an investigation into whether personal data had been misused by both “Leave” and “Remain” sides of the referendum on EU membership.

In May 2018 the ICO widened the scope of its inquiries. The ICO was now looking at data analytics companies, political parties and the large social media platforms.

The updated report gives more particulars of the individuals and entities under investigation, as well as ICO Enforcement measures to date.

To recap: Cambridge Analytica and Facebook have been at the centre of the inquiry since February this year, when, spectacularly, the scandal broke. In short, evidence came to light that an app had been created and deployed to “harvest”, or gather,  the personal data of an estimated 50 million Facebook users across the world. Later this figure rose and is now estimated at 87 million.

The ICO’s inquiry concluded that Facebook broke the law by failing to take adequate steps to safeguard user’s personal data. The ICO went on to state that this failure was compounded by the ICO’s finding that Facebook lacked transparency about how this breach occurred.

Facebook has now been fined £500,000. They will have a right to make representations to the Commissioner’s Notice of Intent. The decision will then be finalised.

The ICO has also undertaken the following enforcement actions [source ICO office 11.07.18):

(1) warning letters to 11 political parties and notices regarding audits of their data protection policies;

(2) Enforcement Notice for SCL Elections Ltd;

(3) Criminal proceedings for SCL Elections Ltd;

(4) Enforcement Notice for Aggregate IQ to cease and desist processing retained personal data of UK citizens;

(5) Notice of Intent against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and

(6) audits of the main credit reference companies and Cambridge University Psychometric Centre

When interviewed on the BBC Radio 4’s Today programme (11 July 2018), Ms Denham indicated the fine would have been significantly higher had the new GDPR regulations been in force at the time of the breaches.

Further reading

Temporary relaxation of right to work check requirements to end on 16 May

Blog, Legal Updates
The Home Office has confirmed that the temporary Covid-19 adjusted right to work check measures will cease on 16 May 2021, but what does this mean for employers?
Read more Read

The good divorce

In Samantha Jago’s experience, the golden rule for an amicable divorce doesn’t exist, but a big dose of realism goes a long way
Read more Read

DMH Stallard welcomes new colleagues to city office

Blog, News & PR
Our Family team has grown as we introduce our new colleagues from our recent merger with Brookman Solicitors
Read more Read

A bit of a buzz – new electrical safety regulations switched on

Blog, Legal Updates
Private landlords must now ensure all tenancies comply with new safety regulations; Kristine Ng considers the new rules
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch