ICO Investigation Closes in on Facebook and Data Brokers
The Information Commissioners Office has concluded that the social media firm had broken Data Protection Regulations and will be subject to a massive fine.
2018 has been a tumultuous year so far for Facebook, with the Cambridge Analytica scandal blowing the lid on endemic levels of fake news, illegal data harvesting and outright deception of voters across the western world.
Following his appearance before US Senate and EU committees, Mark Zuckerberg has been navigating his beleaguered and battered ship through perilous waters; and things may get worse.
ICO On the Warpath
The scandal-ridden social media giant is set to be fined £500,000 by the Information Commissioners Office after it concluded that the firm broke data protection laws. This move comes 16 months after the office began its investigation into political campaigns’ use of personal data following Christopher Wylie’s revelations.
The privacy watchdog’s ongoing investigation into the misuse of user data has concluded that the California-based company failed to protect user information. Additionally, it also reports that the firm failed to provide clarity on the true extent of the data harvesting conducted by Cambridge Analytica when called upon to do so.
Cambridge Analytica insisted that it wiped personal data upon Facebook’s request in December 2015. However, the ICO said it had seen evidence that copies of the data had been widely shared among other organisations.
Information Commissioner Elizabeth Denham, highlighted the importance of the investigation in a statement published on the 10th of July, noting that the integrity of the democratic process is being damaged due to a lack of adequate information on what is going on with users’ data.
She said: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
Denham added that while fines and prosecutions “punish the bad actors” the ultimate goal of the investigation is to “effect change and restore trust and confidence in our democratic system.”
The ICO says it expects the next stages of the investigation to be completed by October of this year. Facebook, however, is not alone in the spotlight. Other actions underway include:
- Investigations into allegations that Arron Banks’ Eldon Insurance Services illegally shared customer data with the Leave.EU group – using call centre staff to make calls on behalf of the pro-Brexit campaign in the process.
- Collection and sharing of personal data conducted by the Remain campaign, Britain Stronger In Europe, and a linked data broker at also under intense scrutiny.
- An audit of Cambridge University’s Psychometrics Centre. This department, in particular, conducts research into social media profiles and is said to have been subject to a security breach involving one of the centre’s applications.
The ICO is also chasing down former staff members from SCL Elections and Cambridge Analytica to ensure that data obtained by the business before its collapse is not used in the future.
Labour Party Involvement
While political campaigns are being put to the sword by ICO, so too are some of the UK’s major political parties. The office has written to 11 political parties urging them to conduct data protection audits and ensure that practices are maintained to a high standard.
Parties using data brokers to obtain lifestyle information may be accessing data that was taken without consent.
In particular, the ICO says it is concerned over the Labour Party’s involvement with one data broker; Emma’s Diary. This firm offers health advice to pregnant women and also provides gift packs after a child is born. According to the watchdog, there are serious concerns over how transparent the firm had been about its involvement with parties and the methods through which it obtained information.
Labour Party has used the firm in the past, but the ICO has not provided additional details at this point – other than stating it intends to take regulatory action.
Speaking to the BBC the service’s owner, Lifecycle Marketing said that it disagreed with the initial findings, stating:
“For over 25 years we have operated with integrity and within the spirit of data regulation. As the ICO investigation continues we will freely cooperate…and cannot comment further at this stage.”
Dodging a (GDPR) Bullet
A fine of £500,000 may appear significant and represents the strongest possible punishment available to the ICO. However, this is the same amount of money that Facebook generates in a matter of minutes.
As such, the firm will be unlikely to flinch at the thought of paying half a million pounds. What this does signify, however, is a concerted effort by the ICO to crack down on nefarious data harvesting practices and hold business and political interests to account.
The fine may have been much larger if the breach hadn’t taken place so long ago. Under the General Data Protection Regulation (GDPR) introduced on May 25th, the firm could have been fined up to 4% of its global turnover. The watchdog said that due to the timing of the breaches, however, it could not call upon these new powers.