Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Britain to Fine Facebook Over Data Breach

Britain’s data regulator said Wednesday it will fine Facebook half a million pounds for failing to protect user data, as part of its investigation into whether personal information was misused ahead of the Brexit referendum.

Britain’s data regulator said Wednesday it will fine Facebook half a million pounds for failing to protect user data, as part of its investigation into whether personal information was misused ahead of the Brexit referendum.

The Information Commissioner’s Office (ICO) began investigating the social media giant earlier this year, when evidence emerged that an app had been used to harvest the data of tens of millions of Facebook users worldwide.

In the worst ever public relations disaster for the social media giant, Facebook admitted that up to 87 million users may have had their data hijacked by British consultancy firm Cambridge Analytica, which was working for US President Donald Trump’s 2016 campaign.

Cambridge Analytica, which also had meetings with the Leave.EU campaign ahead of Britain’s EU referendum in 2016, denies the accusations and has filed for bankruptcy in the United States and Britain.

“In 2014 and 2015, the Facebook platform allowed an app… that ended up harvesting 87 million profiles of users around the world that was then used by Cambridge Analytica in the 2016 presidential campaign and in the referendum,” Elizabeth Denham, the information commissioner, told BBC radio.

Wednesday’s ICO report said: “The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information.” 

Without detailing how the information may have been used, it said the company had “failed to be transparent about how people’s data was harvested by others”.

The ICO added that it plans to issue Facebook with the maximum available fine for breaches of the Data Protection Act — an equivalent of $660,000 or 566,000 euros.

Because of the timing of the breaches, the ICO said it was unable to impose penalties that have since been introduced by the European General Data Protection, which would cap fines at 4.0 percent of Facebook’s global turnover.

In Facebook’s case this would amount to around $1.6 billion (1.4 billion euros).

“In the new regime, they would face a much higher fine,” Denham said.

– ‘Doing the right thing’ –

“We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes,” Denham said.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”

In May, Facebook chief Mark Zuckerberg apologised to the European Parliament for the “harm” caused.

EU Justice Commissioner Vera Jourova welcomed the ICO report.

“It shows the scale of the problem and that we are doing the right thing with our new data protection rules,” she said.

“Everyone from social media firms, political parties and data brokers seem to be taking advantage of new technologies and micro-targeting techniques with very limited transparency and responsibility towards voters,” she said.

“We must change this fast as no-one should win elections using illegally obtained data,” she said, adding: “We will now assess what can we do at the EU level to make political advertising more transparent and our elections more secure.”

– Hefty compensation bill –

The EU in May launched strict new data-protection laws allowing regulators to fine companies up to 20 million euros ($24 million) or four percent of annual global turnover.

But the ICO said because of the timing of the incidents involved in its inquiry, the penalties were limited to those available under previous legislation.

The next phase of the ICO’s work is expected to be concluded by the end of October. 

Erin Egan, chief privacy officer at Facebook, said: “We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.”

The British fine comes as Facebook faces a potential hefty compensation bill in Australia, where litigation funder IMF Bentham said it had lodged a complaint with regulators over the Cambridge Analytica breech — thought to affect some 300,000 users in Australia.

IMF investment manager Nathan Landis told The Australian newspaper most awards for privacy breaches ranged between Aus$1,000 and Aus$10,000 (US$750-$7,500).

This implies a potential compensation bill of between Aus$300 million and Aus$3 billion.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...