Facebook has agreed to pay a £500,000 fine imposed by the UK’s data protection watchdog for its role in the Cambridge Analytica data scandal.
It had originally appealed the penalty, causing the Information Commissioner’s Office to pursue its own counter-appeal. As part of the agreement, Facebook has made no admission of liability.
Facebook will pay a £500,000 fine following an investigation into the use of personal data in political campaigns, the Information Commissioner’s Office (ICO) says.
The social media giant made no admission of liability but agreed to pay the fine, which was originally imposed in October 2018.
The ICO last year said it would fine Facebook over breaches including the Cambridge Analytica scandal in which user data was harvested from tens of millions of people, including at least one million British users.
Facebook initially appealed the fine and a court ordered the ICO to disclose files about its decision-making process in order to examine potential bias against the social media company.
The ICO appealed against this decision, but both parties have since dropped their appeals. The investigation is still ongoing.
James Dipple-Johnstone, deputy commissioner for the ICO, said: “The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm.
“Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy. We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection.”
A spokesperson for Facebook said they wished the company had “done more” to investigate claims about Cambridge Analytica in 2015.
A Cambridge Analytica sign is pictured at the entrance of the building which houses the offices of Cambridge Analytica, in central London on March 21, 2018. Facebook expressed outrage over the misuse of its data as Cambridge Analytica, the British firm at the centre of a major scandal rocking the social media giant, suspended its chief executive.
Harry Kinmonth, director and associate general counsel of Facebook said: “We made major changes to our platform back then, significantly restricting the information which app developers could access.”
He added that the ICO had not given any evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Aleksandr Kogan.
The ICO alleges that Dr Kogan created a third party app known as “thisisyourdigitallife” which was available on Facebook’s platform.
It says the app required users to log in with their Facebook details, requesting permission to access data including the user’s name, date of birth, friends lists, current city, posts on their news feed, email addresses and Facebook messages.
The information was then used to generate “personality profiles” for users, according to the ICO.
The data was allegedly shared with a number of companies, including SCL Elections Limited, which controls Cambridge Analytica.
The Commissioner said there was evidence suggesting the app had access to messages sent by some users who had not given their permission, but had been exchanging Facebook messages with other people using the “thisisyourdigitallife” app – and therefore could not consent to the use of data.
It also said that where the app collected data about the Facebook friends of the app’s users, those friends were not informed about the use of their data.
Although Facebook made changes to its platform in 2014 which reduced the ability of apps to access data from users, the ICO alleges that some app developers including Dr Kogan were still about to retain information that they had previously collected.
The app was used by some 300,000 Facebook users worldwide, but because it also had access to the data of the Facebook friends of its users, the total number of people whose data was accessed is estimated by Facebook to be up to 87 million.