This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.bbc.co.uk/news/technology-44785151
The article has changed 7 times. There is an RSS feed of changes available.
| Version 4 | Version 5 |
|---|---|
| Facebook faces £500,000 fine from UK data watchdog | Facebook faces £500,000 fine from UK data watchdog |
| (about 1 hour later) | |
| The UK's data protection watchdog intends to fine Facebook £500,000 for data breaches - the maximum allowed. | The UK's data protection watchdog intends to fine Facebook £500,000 for data breaches - the maximum allowed. |
| The Information Commissioner's Office said Facebook had failed to ensure another company - Cambridge Analytica - had deleted users' data. | The Information Commissioner's Office said Facebook had failed to ensure another company - Cambridge Analytica - had deleted users' data. |
| The ICO will also bring a criminal action against Cambridge Analytica's defunct parent company SCL Elections. | The ICO will also bring a criminal action against Cambridge Analytica's defunct parent company SCL Elections. |
| And it has raised concerns about political parties buying personal information from "data brokers". | And it has raised concerns about political parties buying personal information from "data brokers". |
| Specifically it named one company, used by the Labour Party, called Emma's Diary, a company that gives medical advice and free baby-themed goods to parents. | Specifically it named one company, used by the Labour Party, called Emma's Diary, a company that gives medical advice and free baby-themed goods to parents. |
| Facebook said it would respond to the report "soon". | Facebook said it would respond to the report "soon". |
| The ICO also said another company - Aggregate IQ - which worked with the Vote Leave campaign in the run up to the EU Referendum - must stop processing UK citizens' data. | The ICO also said another company - Aggregate IQ - which worked with the Vote Leave campaign in the run up to the EU Referendum - must stop processing UK citizens' data. |
| Kyle Taylor, director of campaigning group Fair Vote UK said "Under new GDPR (General Data Protection Regulation) laws, the ICO could fine Facebook £479m. | Kyle Taylor, director of campaigning group Fair Vote UK said "Under new GDPR (General Data Protection Regulation) laws, the ICO could fine Facebook £479m. |
| "Unfortunately, because they had to follow old data protection laws, they were only able to fine them the maximum of £500,000. This is unacceptable," he said. | "Unfortunately, because they had to follow old data protection laws, they were only able to fine them the maximum of £500,000. This is unacceptable," he said. |
| In 2017 Facebook was fined 110m euros (£95m) by the European Commission and in the same year they imposed a fine on Google of 2.42bn euros (£2.1bn). | In 2017 Facebook was fined 110m euros (£95m) by the European Commission and in the same year they imposed a fine on Google of 2.42bn euros (£2.1bn). |
| Information Commissioner Elizabeth Denham said "this is not all about fines" adding that companies were also worried about their reputation. | Information Commissioner Elizabeth Denham said "this is not all about fines" adding that companies were also worried about their reputation. |
| She said the impact of behavioural advertising, when it came to elections, was "significant" and called for a code of practice to "fix the system". | She said the impact of behavioural advertising, when it came to elections, was "significant" and called for a code of practice to "fix the system". |
| Such a code, she argued, would ensure that "elections are fair and people understand how they are being micro-targeted". | Such a code, she argued, would ensure that "elections are fair and people understand how they are being micro-targeted". |
| The action comes 16 months after the ICO began its probe into political campaigners' use of personal data following concerns raised by whistleblower Christopher Wylie, among others. | The action comes 16 months after the ICO began its probe into political campaigners' use of personal data following concerns raised by whistleblower Christopher Wylie, among others. |
| Mr Wylie, a former employee of Cambridge Analytica - a London-based political consulting firm - told the Observer and New York Times his company had made unauthorised use of personal data harvested from millions of Facebook users. | Mr Wylie, a former employee of Cambridge Analytica - a London-based political consulting firm - told the Observer and New York Times his company had made unauthorised use of personal data harvested from millions of Facebook users. |
| The ICO found that Facebook had breached its own rules and failed to make sure that Cambridge Analytica had deleted this personal data. | The ICO found that Facebook had breached its own rules and failed to make sure that Cambridge Analytica had deleted this personal data. |
| While Cambridge Analytica insisted it had indeed wiped the data after Facebook's erasure request in December 2015, the ICO said it had seen evidence that copies of the data had been shared with others. | While Cambridge Analytica insisted it had indeed wiped the data after Facebook's erasure request in December 2015, the ICO said it had seen evidence that copies of the data had been shared with others. |
| "This potentially brings into question the accuracy of the deletion certificates provided to Facebook," said an ICO spokesperson. | "This potentially brings into question the accuracy of the deletion certificates provided to Facebook," said an ICO spokesperson. |
| Responding to the ICO report, Mr Wylie said: "Months ago, I reported Facebook and Cambridge Analytica to the UK authorities. | Responding to the ICO report, Mr Wylie said: "Months ago, I reported Facebook and Cambridge Analytica to the UK authorities. |
| "Based on that evidence, Facebook is today being issued with the maximum fine allowed under British law. | "Based on that evidence, Facebook is today being issued with the maximum fine allowed under British law. |
| "Cambridge Analytica, including possibly its directors, will be criminally prosecuted." | "Cambridge Analytica, including possibly its directors, will be criminally prosecuted." |
| Lifestyle information | Lifestyle information |
| The ICO has also written to the UK's 11 main political parties compelling them to have their data protection practices audited. | The ICO has also written to the UK's 11 main political parties compelling them to have their data protection practices audited. |
| It is concerned the parties may have bought lifestyle information about members of the public from data brokers, who might have not have obtained the necessary consent. | It is concerned the parties may have bought lifestyle information about members of the public from data brokers, who might have not have obtained the necessary consent. |
| In particular, the ICO raised concern about one data broker: Emma's Diary. The firm offers medical advice to pregnant women and gift packs after babies are born. | In particular, the ICO raised concern about one data broker: Emma's Diary. The firm offers medical advice to pregnant women and gift packs after babies are born. |
| The ICO said it was concerned about how transparent the firm had been about its political activities. | The ICO said it was concerned about how transparent the firm had been about its political activities. |
| It said that the Labour Party had confirmed using the firm, but did not provide other details at this point beyond saying it intended to take some form of regulatory action. | It said that the Labour Party had confirmed using the firm, but did not provide other details at this point beyond saying it intended to take some form of regulatory action. |
| The service's owner Lifecycle Marketing told the BBC that it did not agree with the ICO's initial findings. | |
| "For over 25 years we have operated with integrity and within the spirit of data regulation," said a spokeswoman. | |
| "As the ICO investigation continues we will freely cooperate... and cannot comment further at this stage." | |
| Data Protection Act | Data Protection Act |
| Looking wider, the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date. | Looking wider, the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date. |
| Yet, it said, the US firm had neither done enough to explain to its members how they were being targeted as a consequence, nor given them enough control over how their sensitive personal data was used. | Yet, it said, the US firm had neither done enough to explain to its members how they were being targeted as a consequence, nor given them enough control over how their sensitive personal data was used. |
| As a result, it said, Facebook was guilty of two breaches of the Data Protection Act. | As a result, it said, Facebook was guilty of two breaches of the Data Protection Act. |
| Facebook has a chance to respond to the Commissioner's Notice of Intent, after which a final decision will be made. | Facebook has a chance to respond to the Commissioner's Notice of Intent, after which a final decision will be made. |
| The tech firm's chief privacy officer has issued a brief response. | The tech firm's chief privacy officer has issued a brief response. |
| "As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," said Erin Egan. | "As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," said Erin Egan. |
| "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon." | "We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon." |
| How will Cambridge Analytica be dealt with? | How will Cambridge Analytica be dealt with? |
| In March, Channel 4 News aired undercover footage of Cambridge Analytica's CEO, Alexander Nix, giving examples of how the firm could swing elections around the world. | In March, Channel 4 News aired undercover footage of Cambridge Analytica's CEO, Alexander Nix, giving examples of how the firm could swing elections around the world. |
| Cambridge Analytica and its parent SCL Elections began insolvency proceedings in May. | Cambridge Analytica and its parent SCL Elections began insolvency proceedings in May. |
| But the ICO said it was still taking legal steps to bring a criminal prosecution against the business. | But the ICO said it was still taking legal steps to bring a criminal prosecution against the business. |
| The basis for this would be that SCL Elections had failed to properly respond to an earlier demand that it give a US academic a copy of any personal information it held on him along with an explanation as to its source and usage. | The basis for this would be that SCL Elections had failed to properly respond to an earlier demand that it give a US academic a copy of any personal information it held on him along with an explanation as to its source and usage. |
| Prof David Carroll first asked for the data in January 2017, and the ICO served a related enforcement order four months later. | Prof David Carroll first asked for the data in January 2017, and the ICO served a related enforcement order four months later. |
| Bearing in mind SCL Elections is now out of business, the ICO said it might consider taking action against the company's directors. | Bearing in mind SCL Elections is now out of business, the ICO said it might consider taking action against the company's directors. |
| "A successful prosecution may result in a conviction and an unlimited fine," added a spokeswoman. | "A successful prosecution may result in a conviction and an unlimited fine," added a spokeswoman. |
| How is AggregateIQ involved? | How is AggregateIQ involved? |
| The ICO said it had established that the Canadian data analytics firm AggregateIQ - AIQ - had access to UK voters' personal data provided by the Brexit referendum's Vote Leave campaign. | The ICO said it had established that the Canadian data analytics firm AggregateIQ - AIQ - had access to UK voters' personal data provided by the Brexit referendum's Vote Leave campaign. |
| It said it was now investigating whether this information had been transferred and accessed outside the UK and whether this amounted to a breach of the data protection act. | It said it was now investigating whether this information had been transferred and accessed outside the UK and whether this amounted to a breach of the data protection act. |
| The watchdog added that it continued to investigate to what degree AIQ and SCL Elections had shared UK personal data. | The watchdog added that it continued to investigate to what degree AIQ and SCL Elections had shared UK personal data. |
| And it said it had served an enforcement notice forbidding AIQ from continuing to make use of a list of UK citizens' email addresses and names that it still holds. | And it said it had served an enforcement notice forbidding AIQ from continuing to make use of a list of UK citizens' email addresses and names that it still holds. |
| What else is the regulator doing? | What else is the regulator doing? |
| Other action includes: | Other action includes: |
| The ICO said it expects the next stage of its investigation to be complete by the end of October. | The ICO said it expects the next stage of its investigation to be complete by the end of October. |