The Information Commissioner’s Office (ICO) intends to fine Facebook a record £500,000 for two breaches of the Data Protection Act 1998. The two breaches are linked to the Cambridge Analytica scandal, in which Facebook failed to ensure that Cambridge Analytica deleted tens of millions of users’ personal data.
The ICO’s investigation also found that Facebook had breached its own internal rules in ensuring the deletion of personal data. The fine of £500,000 is the maximum allowed under the Data Protection Act 1998. However, under the General Data Protection Regulation, the maximum has now increased to €20 million or 4 per cent of turnover (whichever is greater).
While Facebook is one of the world’s largest data controllers, it’s clear from a previous BHW blog reporting on the Noble Design ICO fine that the ICO is not allowing companies of any size to avoid data protection legislation and will bring an action against those who fail to comply.