What just happened? The UK regulator's fine against Facebook for failing to protect user data amounts to a minor slap on the wrist, but with new data privacy laws now in place, the next offense could sting a lot more. Even so, would it be enough to get the social network's attention?
The Information Commissioner’s Office (ICO), the UK’s independent regulator for data protection and information rights law, has fined Facebook £500,000 ($641,000) for failing to protect users’ personal data.
An investigation by the ICO found that between 2007 and 2014, Facebook unfairly processed the personal information of its users by granting app developers access to said information without clear and informed consent. According to the ICO, Facebook granted access “even if users had not downloaded the app, but were simply ‘friends’ with people who had.”
The ICO specifically mentioned the Cambridge Analytica scandal in today’s announcement.
£500,000 doesn’t even make a blip on the financial radar for a company that brought in more than $40 billion in revenue in 2017. That said, it was the maximum fine allowable under the laws that were in place at the time (based on the Data Protection Act 1998). In May, those rules were replaced by the new Data Protection Act 2018 and the EU’s General Data Protection Regulation (GDPR).
Had Facebook been fined under the new laws, the penalty could have been much higher – as much as £17 million, or four percent of global turnover.
Future data breaches – perhaps like Facebook’s most recent one, affecting 50 million users – could be far more costly for the social network.