Brexit data contravention lands Facebook a £500,000 fine

The Information Commissioner’s Office (ICO), UK’s data protection regulator, intends to fine Facebook half a million pounds for its failure to safeguard user data in the run-up to the country’s referendum to leave the EU in 2016.

Wei Shi

July 11, 2018

2 Min Read
Brexit data contravention lands Facebook a £500,000 fine

The Information Commissioner’s Office (ICO), UK’s data protection regulator, intends to fine Facebook half a million pounds for its failure to safeguard user data in the run-up to the country’s referendum to leave the EU in 2016.

After more than a year’s investigation, the ICO’s progress report published today (11 July) determined that Facebook breached Data Protection Act 1998 by lacking transparency “and security issues relating to the harvesting of data”. Facebook is due to present its case in front of the ICO later this month.

We asked Facebook for a comment and got this from Erin Egan, its Chief Privacy Officer: “As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015. We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.”

In addition to penalising Facebook with the highest possible sum in its jurisdiction, ICO has also undertaken actions against a string of parties suspected of having involved in irregularities during the campaign:

  • Enforcement Notice to cooperate with investigation was sent to SCL Elections, affiliated with Cambridge Analyica, and steps are being take to bring criminal charges against SCL Elections for its failure to implement the Enforcement Notice;

  • Warning letters were sent to 11 political parties on their ways of buying and using voter data. Audits are planned for later this year;

  • Enforcement Notice was sent to the Canadian data analytics firm AggregateIQ (AIQ) demanding it to stop possessing UK voters’ data, in cooperation with the Canadian authorities;

  • Investigation into both the Leave and Remain campaigns are ongoing;

  • An audit on Cambridge University’s policy and process will be conducted. A recommendation to Universities UK was issued demanding the education institutions to be more vigilant on the usage of personal data gathered for academic research purposes vs. academics’ private commercial interest.

In a certain sense, Facebook was fortunate with timing. Had the new GDPR been in place before the referendum, the ICO would have the authority to handout a ticket of up to €20 million (£17 million).

About the Author

Wei Shi

Wei leads the Telecoms.com Intelligence function. His responsibilities include managing and producing premium content for Telecoms.com Intelligence, undertaking special projects, and supporting internal and external partners. Wei’s research and writing have followed the heartbeat of the telecoms industry. His recent long form publications cover topics ranging from 5G and beyond, edge computing, and digital transformation, to artificial intelligence, telco cloud, and 5G devices. Wei also regularly contributes to the Telecoms.com news site and other group titles when he puts on his technology journalist hat. Wei has two decades’ experience in the telecoms ecosystem in Asia and Europe, both on the corporate side and on the professional service side. His former employers include Nokia and Strategy Analytics. Wei is a graduate of The London School of Economics. He speaks English, French, and Chinese, and has a working knowledge of Finnish and German. He is based in Telecom.com’s London office.

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like