A three-year probe into Cambridge Analytica’s activities by the UK Information Commissioner has concluded that the controversial firm was not involved in the EU referendum.
Findings show that neither the company nor its parent company SCL was found to have misused data to influence the Brexit referendum. Some initial enquiries were also made in the early stages of the vote by UKIP, but went no further.
“I identified no significant breaches of the privacy and electronic marketing regulations and data protection legislation that met the threshold for formal regulatory action,” said Information Commissioner Elizabeth Denham in a report to Parliament’s Culture and Media Select Commission
She added that her team were unable to establish a link between the company and Russian intervention in UK politics. Earlier work had found evidence of a Russian IP address connected to an SCL source. However, Denham noted that Russian interference in the EU referendum was beyond her office’s remit.
The Information Commissioners Office (ICO) did find that the company had poor data practices, “which, had they sought to continue trading, would likely have attracted further regulatory action against them by my office,” according to Denham in the ICO report.
Cambridge Analytica stopped trading in May 2018, largely due to fallout from the data misuse scandal and subsequent investigation.
The report also made mention of Global Science Research (GSR), a company directed by Dr Aleksander Kogan, who developed the app used by the firm to harvest information. “My investigation found data in a variety of locations, with little thought for effective security measures, which appeared to have come from GSR and SCL/CA,” Denham said.
“Data was also found in servers and appeared to have been shared with a range of parties, for example, there was evidence that data had been shared with staff at SCL/CA, Eunoia Technologies Inc, the University of Cambridge and the University of Toronto,” she added.
The ICO investigation used materials seized from the company’s headquarters during a high-profile search in 2018.
- Ciaran Martin | Emerging cyber threats and their unintended consequences
- Leader Insights | Cybersecurity essentials with CISO Jordan Schroeder
- Data protection programme to be rolled out by UK Cabinet Office
Cambridge Analytica was accused of gathering data on millions of Facebook users without their consent. At one point, the company’s CEO Alexander Nix claimed that the company had up to 5,000 data points on every adult in the US.
The ICO found that both SCL and Cambridge Analytica added to this by purchasing commercially available personal data, potentially over 130 billion data points.
Through this data, the company provided an analysis of peoples’ voting habits and supplied the information to political groups to help create targeted adverts.
The company was employed during the 2016 US election by organisations linked to the campaigns of President Donald Trump and his then-Republican rival Ted Cruz.
The enquiry led to fines against Facebook and the Vote Leave and Leave.EU campaign groups. Facebook was fined £500,000 while Vote Leave and Leave.EU were fined £40,000 and £15,000 respectively.