Procurement · 11 July 2018

Facebook dodges £479m GDPR penalty with “unacceptable” £500,000 fine

Facebook’s data breaches occurred before new data protection laws were introduced

Following a controversial breach of user data, social media giant Facebook has been hit with a £500,000 fine from the UK’s GDPR watchdog.

Under GDPR, companies responsible for a breach of data are liable to fines up to 4% of annual turnover. For Facebook, this would have amounted to a penalty worth £479m.

Following a 16-month investigation by the Information Commissioner’s Office (ICO), Facebook was deemed to have failed to ensure controversial data harvester, Cambridge Analytica, had deleted data of Facebook users.

The ICO has confirmed it intends to fine Facebook £500,000 over the incident, which was made public by whistle-blower and former Cambridge Analytica employee, Christopher Wylie, in revelations made to the Observer and New York Times newspapers.

In an official statement, the watchdog said: “The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information.”

“It also found that the company failed to be transparent about how people’s data was harvested by others.”

While the highest fines under the new data protection bill, legislation which brought GDPR into UK statute books, are set at £17m or 4% of annual turnover, whichever is higher, the ICO was forced to act under old data protection laws as Facebook’s offences took place in 2016.

Responding to Facebook’s fine, Kyle Taylor, director of campaigning group Fair Vote UK, suggested the fine represented a mere slap on the wrist for Facebook.

“Under new GDPR laws, the ICO could fine Facebook £479m.”

“Unfortunately, because they had to follow old data protection laws, they were only able to fine them the maximum of £500,000. This is unacceptable,” Taylor added.

Information Commissioner Elizabeth Denham maintained that accountability for such data breaches was not “all about fines”, as companies also have a reputation at stake.

She added: “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

Facebook has a chance to respond to its fine before a final decision is made.

ABOUT THE EXPERT

Simon Caldwell is deputy editor at Business Advice. He has a BA in politics and communications from the University of Liverpool, and has previously worked as a content editor in local government and the ecommerce industry.
