The Information Commissioner’s Office of the United Kingdom hit Facebook with a fine equivalent to $664,000 over the Cambridge Analytica scandal, as reported by The Washington Post and several other outlets. The British regulator has yet to issue an official confirmation of the development but the figure itself represents the maximum fine it could have given to the company over the data privacy debacle that compromised tens of millions of users around the world, including some UK citizens.
The sanction itself may still be changed based on whether Facebook appeals it and how it decides to go about doing so. The British regulator’s preliminary investigation into the Cambridge Analytica incident led it to conclude Facebook failed to take enough proactive measures to protect the privacy of its users, in addition to reacting to the incident in a subpar manner, opting for a cover-up instead of transparency. The largest social media network in the world only pledged to do more to protect the personal information of its users after March reports detailed the entire ordeal, revealing Cambridge Analytica collaborated with an academic who created an online personality quiz designed not just to harvest the data of those who take it and technically agree to it, but also mine information of their unknowing Facebook friends. Before declaring bankruptcy this spring, the political consulting firm repeatedly argued its data collection activities weren’t illegal and were an accepted industry practice, a notion that Facebook itself reinforced after banning dozens of other apps for similar acts following the emergence of the first scandal.
Cambridge Analytica was also involved in a pro-Brexit online campaign two years ago, as one London-led investigation previously revealed. Facebook’s top officials faced repeated grillings over the matter in recent months but lawmakers in the UK remain unsatisfied about their answers to questions pertaining to the Internet juggernaut’s privacy policies and related practices. As of late May, Facebook is required to comply with the General Data Protection Regulation, a strict IT law meant to ensure a high level of transparency from digital companies that mine, store, and leverage any kind of user data.