Facebook Agrees to 500,000 Fine for Cambridge Analytica Data Breach

Social media giant did not admit liability.

Facebook Agrees to £500

Source: Facebook

Facebook is finally facing the music for the Cambridge Analytica data breach. The social media platform has agreed to pay a 500,000 fine, approximately $643,000, to the United Kingdoms Information Commissioners Office (ICO), reports NPR. The ICO alleges that Facebook failed to protect data gathered by Cambridge Analytica from approximately 87 million Facebook users. After litigating the matter for more than a year after the monetary penalty notice was originally levied, Facebook agreed to pay the fine to end the appeals and negotiations between Facebook and the U.K.

Despite agreeing to the penalty, the social media giant did not admit any guilt. As part of the agreement, Facebook will retain documents disclosed by the ICO during the appeal and which may be used to investigate Cambridge Analytica. Facebook and the ICO will each pay their own legal costs. Portions of the investigation, which had been put on hold, may now continue.

You May Be Interested In:

COVID-19: Early Insights on
Trends, Trials, and Growth Implications for Subscription Businesses

Register for our free webinar on July 15th.

REGISTER TODAY 

The fine will settle the claim by the ICO that Facebook violated the Data Protection Act of 1998. The fine was the maximum allowed. Since then, new data protection laws have been imposed which would allow for steeper penalties. NPR says that, for the same offense in 2018, Facebook could be fined up to 17 million, or approximately $22 million.

The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine. The ICOs main concern was that UK citizen data was exposed to a serious risk of harm. Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy. We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting peoples personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case, said James Dipple-Johnstone, deputy commissioner of ICO, in an October 30 statement.

Henry Kinmonth, director and associate general counsel for Facebook, also commented on the agreement.

We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015. We made major changes to our platform back then, significantly restricting the information which app developers could access, said Kinmonth.

Protecting peoples information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information. The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan. However, we look forward to continuing to cooperate with the ICOs wider and ongoing investigation into the use of data analytics for political purposes, Kinmonth added.

Insider Take:

The announcement of the agreement came out the same day as Facebooks third quarter financials. That seems unlikely to be a coincidence, but perhaps a condition by Facebook prior to the agreement. Facebook was fined approximately $643,000 in U.S. dollars. The companys legal costs probably exceeded the fine.

In the third quarter of 2019, the company earned total revenue of $17.7 billion. That penalty is such a small percentage of Facebooks total quarterly revenue, it wont hurt their fourth quarter bottom line. It is certainly not enough of a penalty to incentivize better behavior, but it is yet another ding in Facebooks already-damaged reputation. Hopefully, the new data protection rules in the U.K. and the European Union will provide some sort of warning that data breaches are serious business and wont be tolerated.