The troubled social networking giant, Facebook, was this week hit by a gigantic £500,000 fine from the UK data protection regulator, the Information Commissioner’s Office. The fine was imposed for serious data protection breaches and is the highest pre-GDPR fine possible.
The fine, whilst massive, will be a drop in the ocean for the social networking giant. The company could have been hit with a €20 million fine if the breach had occurred under the new data protection regime that arrived with GDPR.
The ICO stated:
“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.
Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”
A million UK Facebook users’ personal data was harvested, and the length of time between discovery and the suspension (of the perpetrators) raises questions and concerns about Facebook’s standards. This failure rendered the privacy protection afforded under the Data Protection Act null and void, as Facebook failed to protect its users from rogue elements.