#Privacy: Facebook accepts ICO Cambridge Analytica fine


Facebook has said it will pay the £500,000 financial penalty that the social network was issued by the UK’s data privacy watchdog, the Information Commissioner’s Office (ICO).

The fine came as a result of Facebook’s role in the Cambridge Analytica scandal, news of which first broke in March 2018.

Mark Zuckerberg’s firm had intended to appeal the ICO’s ruling, which prompted the regulator into launching a counter-appeal of its own. In spite of willing to meet the ICO’s demand, Facebook is still yet to admit liability for its part in the incident, but has said that “it wished it had done more to investigate Cambridge Analytica” earlier.

Deputy commissioner at the ICO, James Dipple-Johnstone, said.

“The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine. The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm.

“Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy.

“We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people’s personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case.”

Harry Kinmonth, Director and Associate General Counsel, Facebook said:

“We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015.

“We made major changes to our platform back then, significantly restricting the information which app developers could access. Protecting people’s information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information.

“The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan. However, we look forward to continuing to cooperate with the ICO’s wider and ongoing investigation into the use of data analytics for political purposes.

A data scandal to define the digital era

In 2014, Facebook hosted a third-party personality quiz app which harvested the personal data of up to 87 million people, some of which fell into the hands of UK data intelligence company, Cambridge Analytica. The ICO maintains that the social network should have done more to protect account holders’ personal information.

The scandal began to unravel in Janurary 2017, after Parsons School of Design Professor, David Carroll leveraged the EU’s General Data Protection Regulation to exercise a Data Subject Access Request against Cambridge Analytica to find out what the firm knew about him.

The events that followed blew open Facebook’s murky data sharing relationship with Cambridge Analytica to paint a terrifying picture of what can happen when users’ data privacy is treated as anything less than a top priority.

The timeline is analysed to depth by Professor David Carroll in an exclusive interview with PrivSec report, which you can read here.

PrivSec Conference New York

Professor David Carroll will be discussing The Great Hack and his role in the Cambridge Analytica inquest at PrivSec Conference New York, coming to Columbia University on November 5th and 6th.

The two-day conference brings global business leaders and IT experts together with senior figures in cyber protection and security at a decisive point in the evolution of global data privacy.

David Carroll joins a distinguished roster of representatives from other global organisations including Uber, the New York Times, BNY Melon, Bank of England, Raytheon and many more.

For more information on this landmark conference, or to book your ticket, click here.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/