Facebook appeals GBP 500,000 data breach scandal fine by UK watchdog

Social media giant Facebook on Wednesday said it has filed an appeal against the 500,000 pound fine slapped on it by the UK's independent data watchdog for serious breaches of data protection law imposed last month.

The fine amount by the UK Information Commissioner's Office (ICO) was the maximum it is authorised to issue. It relates to the US social media giant's role in the Cambridge Analytica data scandal, which hit the headlines earlier this year.

However, Facebook says that because the regulator found no evidence that UK users' personal data had been shared inappropriately, the penalty of 500,000 pounds was unjustified.

Wednesday was the final day Facebook could challenge the UK Information Commissioner's ruling.

The controversy relates to an academic at the University of Cambridge, Dr Aleksandr Kogan, using a personality quiz to harvest up to 87 million Facebook users' details.

"The ICO's investigation stemmed from concerns that UK citizens' data may have been impacted by Cambridge Analytica, yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum," Facebook's lawyer Anna Benckert said in a statement.

"Therefore, the core of the ICO's argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal," it adds.

The ICO had said in its ruling in October that its investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowed access even if users had not downloaded the app, but were simply friends with people who had.

"Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better, Information Commissioner Elizabeth Denham had said last month.

The fine was served under the UK's Data Protection Act 1998, which has since been replaced by the new Data Protection Act 2018 in May, alongside the European Union's General Data Protection Regulation (GDPR).

The new rules provide a range of new enforcement tools for the ICO, including maximum fines of GBP 17 million or 4 per cent of global turnover.

ICO had concluded that Facebook failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform.

These failings meant one developer, Dr Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge.

A subset of this data was later shared with other organisations, including SCL Group, the parent company of Cambridge Analytica who were involved in political campaigning in the US.

SCL Group, a private British behavioural research and strategic communication company, had announced its closure in May this year in the wake of the scandal.

The group's activities spread across the world, including India, where the company reportedly did some data analysis work during election campaigns.

(This article has not been edited by Zeebiz editorial team and is auto-generated from an agency feed.)