Last week we saw the Austrian Data Protection Authority issue a fine for violations against GDPR. It was a small fine issued to a startup. Today, however, the fine is issued by the ICO to the well-known giant company, Facebook.
The fact that Facebook is not very good at keeping personal data of its users private is a known fact, especially after the scandal with Cambridge Analytica this year. After long considerations and analyzing the case, the ICO issued a fine for Facebook for its sharing of data for political reasons. The amount - £500,000 - is the maximum that can be applied in this case.
ICO’s investigation, found that between 2007 and 2014 Facebook processed personal data of its users in an unfair manner without sufficient consent, or using non-transparent practices. For example, they allowed access to data of people who had not downloaded the app, simply for being friends with people who had. The company also failed to keep personal data secure by not properly checking the app or the online platform in general. All of this was followed by the well-known Cambridge Analytica issue, where it is believed that up to one million UK users had their data exposed.
The fine was however not served under the GDPR, since most issues happened before its enforcement, it was served under the Data Protection Act.
Ms Elizabeth Denham said:
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.”
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”
The next update in this case is expected on November 6th when Ms Denham will give evidence to the Department for Digital, Culture, Media and Sport (DCMS) Select Committee.