A British watchdog said it plans to fine Facebook $663,000 for its data breach involving Cambridge Analytica over failure to secure users data.
The Information Commissioner’s Office, Great Britain’s independent body to protect information rights, said Tuesday the fine would be the maximum penalty for two breaches of the Data Protection Act 1998.
Its investigation determined Facebook violated the law by “failing to safeguard people’s information,” and “failing to be transparent about how people’s data was harvested by others,” the ICO release said.
Former Cambridge Analytica employee Christopher Wylie blew the whistle in February that a Facebook app developed by Cambridge University academics, including Dr. Aleksandr Kogan, was used to harvest data from millions of Facebook users and their friends. The total number of users breached could be as high as 87 million, including 1 million in the United Kingdom.
The ICO opened its investigation more than a year ago to probe whether political campaigns misused personal data related to Great Britain’s 2016 referendum on whether it would remain in the European Union. Since this winter, the investigation’s focus has shifted to the Cambridge Analytica breach.
British Information Commissioner Elizabeth Denham told BBC News “the magnitude of the breach” resulted in the large fine, and though Facebook has since changed its platform, it “didn’t follow through on their responsibilities even when they found out that data set was out there.”
Facebook is also facing a class-action lawsuit from advocacy group Fair Vote over the Cambridge Analytica scandal. The group, which has 84 claimants so far, said around 1 million British citizens affected by the breach could join the suit for compensation.
The group said the ICO’s decision to fine Facebook supported its claim.
By Sommer Brokaw