Social Networks

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

Facebook has been fined £500,000 by the UK’s Information Commissioner’s Office (ICO) for the Cambridge Analytica privacy scandal that exposed data of 87 million users.

The announcement was made by the UK’s data protection regulator, Information Commissioner Elizabeth Denham.

“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.” she said.

This is the first possible financial punishment that Facebook was facing for the Cambridge Analytica scandal.

According to the ICO data from at least 1 million British citizens was “unfairly processed,” the organization blames Facebook because it has “failed to take appropriate technical and organisational measures” to prevent the abuse of users’ data.

The ICO also accused Facebook to have “failed to make suitable checks on apps and developers using its platform.”

“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had,” states the ICO.

“Even after the misuse of the data was discovered in December 2015,” continues the ICO, “Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”

Social network giant announced it is reviewing the ICO’s penalty and is asking to access Cambridge Analytica servers to analyze data they collected.

“We are grateful that the ICO has acknowledged our full co-operation throughout their investigation and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica,” a Facebook spokesperson said.

“Now that their investigation is complete, we are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received.”

I personally believe that this fine is just symbolic if we compare it with potential penalties faced by the social network giant under EU’s General Data Protection Regulation (GDPR). GDPR establishes a maximum fine of 20 million euros or 4% of company annual global revenue (roughly£1.26 billion).

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – ICO, Cambridge Analytica)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

26 mins ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

14 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

21 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.