UK: If Facebook welcomes regulation it should drop appeal against £500k privacy fine

Credit: ID 116299998 © Klevo |

The UK privacy watchdog says that if Facebook CEO Mark Zuckerberg wants more regulation over the internet, his company should drop its appeal against the £500,000 ($900,009) fine it was slapped with in October in the wake of the Cambridge Analytica scandal.

Zuckerberg, in an op-ed posted to his Facebook account on Saturday, called for a more active role for governments and regulators in regulating internet companies like Facebook. 

The Facebook CEO said governments around the world needed new regulation to control harmful content, election integrity, privacy and data portability. 

He also said the Internet would benefit if more countries adopted Europe’s General Data Protection Regulation (GDPR), which allows for fines of up to four percent of an organization’s global revenue. 

In a statement today, UK Information Commissioner Elizabeth Denham turned Zuckerberg’s opinion piece back to the company’s appeal against the £500,000 fine it gave Facebook last October for allowing third-party app developers to process Facebook users’ information without informed consent.   

“In light of Mark Zuckerberg’s statements over the weekend about the need for increased regulation across four areas, including privacy, I expect Facebook to review their current appeal against the ICO’s £500,000 fine - the maximum available under the old rules —  for contravening UK privacy laws,” said Denham. 

Despite GDPR coming in to force in May 2018, the ICO imposed the maximum fine available under previous rules as the company's violations occurred before May. Had it been levied under GDPR, the fine could have been £1.2bn, equal to four percent of Facebook’s global revenue in 2017.  

The fine was due to Facebook’s lax rules for app developers between 2007 and 2014, which allowed app developer Dr Aleksandr Kogan to use his personality quiz app to harvest data about 87 million people around the world. That data was then shared with third-parties, including SCL Group, the owner of political consultancy Cambridge Analytica.

The ICO’s investigation found at least one million UK users of the app was harvested and put at risk of misuse because of Facebook’s rules at the time. There were concerns the data on UK users was used to influence the 2016 Brexit vote. 

As per The Guardian in November, Facebook appealed the fine because the ICO didn’t find any evidence that UK Facebook users’ data was shared by Kogan with Cambridge Analytica, or the company’s affiliates in the Brexit vote. 

Facebook contends that since there was no harm to Facebook’s UK users the ICO's reasoning for fining it was about how people share data. 

Anna Benckert, Facebook's associate general counsel in Europe said it was challenging the fine because it would mean that “to forward an email or message without having agreement from each person on the original thread" would be a breach of data protection rules. 

“Therefore, the core of the ICO’s argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal,” said Bencker .

The ICO’s statement today points to Denham’s comments to the International Grand Committee in November in which she says Facebook is being "disingenuous" for comparing what it allowed with email forwarding. 

“We fined Facebook because it allowed applications and application developers to harvest the personal information of its customers who had not given their informed consent—think of friends, and friends of friends—and then Facebook failed to keep the information safe,” said Denham, adding that it was "not a case of no harm, no foul". 

“Facebook broke data protection law, and it is disingenuous for Facebook to compare that to email forwarding, because that is not what it is about; it is about the release of users’ profile information without their knowledge and consent. That is messages and likes; that is their profile.”

Tags privacyFacebookicoUKGDPRCambridge Analytica

Show Comments