Facebook has backed down from a legal challenge against the UK’s privacy watchdog over a relatively minor £500,000 fine over Facebook user data that was illegally passed to political consultancy Cambridge Analytica.
The UK’s Information Commissioners (ICO) Office on Wednesday announced that Facebook has agreed to pay the fine for “serious breaches” relating to user data that was harvested by a Facebook-hosted app made by Dr Aleksandr Kogan.
The ICO issued the fine in October 2018. Since then the US Federal Trade Commission (FTC) slugged Facebook a USD$5 billion fine over multiple privacy issues, including the Cambridge Analytica fiasco.
Data from around 87 million Facebook users worldwide was harvested and transferred from Kogan to Cambridge Analytica, which used the data to profile US voters ahead of the 2016 US presidential election.
The ICO found at least one million UK users of the app were put at risk of misuse because of Facebook’s rules for developers between 2007 and 2014. There were concerns the data could have been used to profile UK voters ahead of its Brexit vote.
Facebook appealed the ICO’s penalty in November 2018, arguing there was no harm to UK users because the regulator didn’t find UK user data had been transferred to Cambridge Analytica.
The £500,000 fine was the maximum the ICO could issue under UK laws before EU’s GDPR regulations came into effect in May 2018. Had Facebook’s data sharing policies continued beyond May, it could have faced a £1 billion-plus fine or 4% of Facebook’s global revenue for a given year.
The ICO and Facebook have been dueling in courts since the October fine notice. This June, the tribunal handling Facebook’s appeal issued an interim decision “holding that procedural fairness and allegations of bias on the part of the ICO” was a valid factor in Facebook’s appeal. The ICO appealed that decision in September.
Facebook had also requested in its appeal that the ICO disclose details it collected during its investigation that led it to issuing the fine.
Facebook and the ICO have withdrawn their respective appeals and the settlement means Facebook has not admitted to guilt over the ICO’s charges. The social network can also “retain documents disclosed by the ICO during the appeal for other purposes, including furthering its own investigation into issues around Cambridge Analytica,” the ICO said.
The threat of multi-billion dollar fines sounds scary to most individuals and companies, but some US FTC commissioners argued that Facebook’s record $5 billion privacy fine didn’t do enough to change the company’s business model.