The United Kingdom’s Information Commissioner’s Office today fined Facebook 500,000 pounds ($645,000) for its role in the Cambridge Analytica scandal.
The ICO ruled that Facebook from 2007 to 2014 “processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who did.”
Mark Zuckerberg’s social media site also failed to keep information secure because it failed to make suitable checks on apps and developers using its platform, according to the ICO.
These failings allowed Aleksandr Kogan and his company, GSR, to harvest Facebook data of up to 87M people worldwide without their knowledge. A subset of that data was shared with SCL Group, parent of CA, which was involved in the US presidential election.
The ISO notes when Facebook learned in 2015 that its data was misused, it “did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion."
Facebook did not suspend SCL until 2018.
The ICO’s 500,000 pound fine is the maximum allowable penalty under law at the time of the data misuse.
Gizmodo notes that Facebook chalks up $645K revenues in less than nine minutes based on its 2017 revenues.