We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.

According to the ICO's investigation, Facebook granted application developers the ability to access its users' data without clear consent. The social media giant also failed to impose checks on developers and apps using the platform, the agency found. This oversight enabled a developer to harvest the data of up to 87 million Facebook users and share at least part of this data with Cambridge Analytica, a political consulting firm which was active during the 2016 U.S. presidential election.

The Information Commissioner's Office also discovered that Facebook had neglected to properly remediate these issues after the data misuse was discovered in December 2015.

The fine is the maximum amount that the ICO can impose under the Data Protection Act 1998. In 2018, this framework was replaced with the Data Protection Act 2018 along with the European Union's General Data Protection Regulation (GDPR). Under those new regulations, the agency can impose fines of up to £17 million or 4% of global annual turnover, whichever is higher.

Click here to read the ICO's full monetary penalty notice for Facebook.