U.K. hits Facebook with data protection fine

The U.K.’s Information Commissioner’s Office has fined Facebook £500,000 ($640,463) for “serious breaches of data protection law.”

The ICO is the UK’s independent regulator for data protection and information rights law.

The fine is the maximum allowable under the laws that applied at the time the incidents occurred.

The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply “friends” with people who had, according to the ICO.

Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform, the ICO says. These failings meant one developer, Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people globally, without their knowledge, ICO says. According to ICO, a subset of this data was later shared with other organizations, including SCL Group, the parent company of Cambridge Analytica, who were involved in political campaigning in the U.S.

Even after the misuse of the data was discovered in December 2015, Facebook didn’t do enough to ensure those who continued to hold it had taken adequate remedial action, including erasing the data, the ICO claims. 

The ICO found that the personal information of at least one million U.K. users was among the harvested data.

Visit News and Tech