UK privacy watchdog fines Facebook £500k

12 Jul 2018

Information Commissioner Elizabeth Denham this week released her office’s updated report into the use of data in political campaigns (10 July 2018).

The Commissioner subsequently announced a record-breaking fine of £500,000 against Facebook, reflecting Ms Denham’s view of the seriousness of Facebook’s breaches.

You will recall that in March 2017, amid some controversy surrounding the use of personal data in political campaigns, the ICO commenced an investigation into whether personal data had been misused by both “Leave” and “Remain” sides of the referendum on EU membership.

In May 2018 the ICO widened the scope of its inquiries. The ICO was now looking at data analytics companies, political parties and the large social media platforms.

The updated report gives more particulars of the individuals and entities under investigation, as well as ICO Enforcement measures to date.

To recap: Cambridge Analytica and Facebook have been at the centre of the inquiry since February this year, when, spectacularly, the scandal broke. In short, evidence came to light that an app had been created and deployed to “harvest”, or gather,  the personal data of an estimated 50 million Facebook users across the world. Later this figure rose and is now estimated at 87 million.

The ICO’s inquiry concluded that Facebook broke the law by failing to take adequate steps to safeguard user’s personal data. The ICO went on to state that this failure was compounded by the ICO’s finding that Facebook lacked transparency about how this breach occurred.

Facebook has now been fined £500,000. They will have a right to make representations to the Commissioner’s Notice of Intent. The decision will then be finalised.

The ICO has also undertaken the following enforcement actions [source ICO office 11.07.18):

(1) warning letters to 11 political parties and notices regarding audits of their data protection policies;

(2) Enforcement Notice for SCL Elections Ltd;

(3) Criminal proceedings for SCL Elections Ltd;

(4) Enforcement Notice for Aggregate IQ to cease and desist processing retained personal data of UK citizens;

(5) Notice of Intent against data broker Emma’s Diary (Lifecycle Marketing (Mother and Baby) Ltd); and

(6) audits of the main credit reference companies and Cambridge University Psychometric Centre

When interviewed on the BBC Radio 4’s Today programme (11 July 2018), Ms Denham indicated the fine would have been significantly higher had the new GDPR regulations been in force at the time of the breaches.

Further reading

Encouraging staff back to the workplace following lockdown - how far can an employer push it?

Simon Bellm considers the extent to which an employer can require an employee to attend at the workplace, where they are reluctant to do so due to a Covid related reason.
Read more Read

DMH Stallard confirms merger with divorce specialists Brookman Solicitors

Blog, News & PR
Leading south east law firm DMH Stallard announces its merger with family law firm Brookman Solicitors.  
Read more Read

The UK Economy: calm before the storm?

Blog, Legal Updates
Insolvency expert Oliver Jackson considers the numbers and the outlook following a year of economic disruption
Read more Read

Consultation on Right to Regenerate

Blog, Legal Updates
Proposals give members of the public the right to ask for unused land or buildings to be sold. Holly Stevenson looks at the plan.
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch