Data Breach – Facebook/Cambridge Analytica

After appeals from both parties, an agreement has now been reached between Facebook and the Information Commissioner’s Office (ICO) regarding the Cambridge Analytica scandal. Facebook has agreed to pay a £500,000 fine and both parties will drop their respective appeals. This is the maximum penalty that can be issued under the old data protection laws, which preceded the GDPR policies that came into force last May. The scandal involved a personality quiz app that collected the data of up to 87 million Facebook users between 2007 and 2014, including more than one million people in the UK. Some of this data was then sold to the company Cambridge Analytica and used to psychologically profile voters in the US. The ICO argues that Facebook users had their personal information processed without being given “sufficiently clear and informed consent” and that Facebook failed to secure this data because it did not regulate the apps and developers using its platform. Facebook concedes that more should have been done to investigate the issue when it was discovered in 2015 but says that, as part of its commitment to protecting people’s privacy, it has made major changes and built new controls.

It is advisable that users review the privacy settings of their social media platforms to help their data remain secure. Be cautious about what information you share and be aware of who has access to it. People may not always be who they say they are online, and criminals may use personal data for identity theft or phishing attempts.