By: Allison Trimble
The U.K. Information Commissioner’s Office announced it will impose the maximum fine of $660,000 for Facebook’s breach of the U.K. Data Protection Act (see Notice of Intent). The breach, which includes both the failure to safeguard personal information and the failure to provide transparency as to how personal information was harvested by others, is tied to the Cambridge Analytica scandal in which the personal information of 87 million Facebook users was improperly shared with third parties without such users’ consent. The ICO initiated the investigation of Cambridge Analytica following reports that personal information from Facebook had been misused by political campaigns during the 2016 referendum on the U.K.’s membership within the European Union (see Investigation Update). Based on Facebook’s 2018 net profits, sources speculate it would take the tech giant a mere 18 minutes to pay off the fine. In contrast, had the breach occurred following the enactment of the European Union’s General Data Protection Regulation, Facebook might be facing much steeper fines of the greater of $23.5 million or 4% of its annual global turnover (based on Facebook’s 2018 net profits, this would equal approximately $1.6 billion). Facebook still has the opportunity to respond to the Information Commissioner’s Office prior to it making its final decision which is slated to occur later this month.