Facebook Receives a Maximum Fine From ICO for Analytica’s Leak


Who would’ve thought that the British data analytics firm “Cambridge Analytica” helping Donald Trump win the US presidency in 2016 had anything to do with the misuse of private data? Well, after a thorough investigation, the UK’s Information Commissioner’s Office (ICO) did.

Everything started back in March 2018, when the ICO launched an investigation into Cambridge Analytica. It took only a couple of months for ICO experts to discover the malicious pattern of private data misuse.

The aftermath? Facebook has been fined £500,000 ($664,000) for breaking the strict laws and regulations on data sharing (Data Protection Act). The ICO has concluded that Facebook is to be held responsible for revealing the personal data of some 87 million users.

Political consultancy firm Cambridge Analytica gathered the data. But, more importantly, it was put to use, thus violating a number of data privacy policies.

The ICO investigation followed up on what the whistleblower, Chris Wylie, had discovered, only to confirm that there was a malicious pattern. Further investigation revealed the actions that led to Analytica’s leak.

It all started with a benign personality test app created by researcher Michal Kosinski. After seeing the potential of the app, Aleksandr Kogan, a professor at Cambridge University, approached Kosinski and asked him for the Facebook users’ data the app had collected so far. Kosinski refused Kogan’s request, and that’s where Cambridge Analytica decided to come in.

In fact, Cambridge Analytica paid Kogan over $800,000 to create a similar app. This new app became an absolute hit on the Facebook platform. It attracted over 320,000 users. The app gathered users’ data in two instances. When users started the app, it requested permission to collect:

  • Public profile data, including name and gender
  • Photographs in which the users were tagged
  • Birthdate
  • Pages users had liked
  • Current city

But the app also continued to collect the data while users were using it to complete the tests, including:

  • Posts on the users’ timeline
  • Pages users had liked
  • Newsfeed posts
  • Friend lists
  • Email addresses

The main problem originated from a flaw in Facebook’s API at the time. It allowed the app to collect not only the data of its own users but also a wide range of information about each user’s friends. This is how people working for Cambridge Analytica got their hands on the data of 87 million Facebook users. 30 million of these were US voters.

Cambridge Analytica applied the OCEAN model to analyze the tests and identify what type of people might support specific things and issues. This is just another way of saying: “How to learn to manipulate public opinion, including the manipulation of voting patterns.” Fortunately, the ICO had put Cambridge Analytica under investigation as early as May 2017.

In this storm, with Facebook at its center, almost 100 million Facebook users’ data privacy rights were violated. But Facebook got lucky with a £500,000 fine. It all boils down to the timing of the scandal. In fact, the ICO fine was imposed under the UK’s old Data Protection Act. This act was replaced by the EU’s new General Data Protection Regulation (GDPR).

The GDPR has much more significant penalties for companies that participate in privacy breaches of such magnitude. According to the new GDPR, for a privacy breach, a company could face a maximum fine of 4% of its annual global revenue or 20 million euros.

The higher of these two figures is the fine. According to Statista, Facebook’s annual revenue in 2017 was $40.7 billion. This means that the fine could have been $1.6 billion if the company had violated the privacy rights regulated by the new GDPR.

Facebook had to deal with losing its market value after the incident. Reportedly, the company lost over $60 billion in market value in the two days following the incident, but for such a big and prosperous enterprise, the blow was withstandable. The £500,000 fine, in turn, was nothing more than a little slap on the wrist for the social media giant.

And as you can see in the graph below, it only took a couple of months for Facebook to recuperate from the scandal and to increase its stock value above the pre-incident level.

Facebook had to deal with another problem, as users started to deactivate their accounts following the Cambridge Analytica incident. Back in March, the hashtag #DeleteFacebook appeared more than 10,000 times on Twitter. The movement was reinforced by various news outlets publishing content explaining why people need to take a break from Facebook, a NordVPN article being one of them, which you can find here.

The hashtag went viral, and it was mentioned more than 40,000 times. Even some influencers, including Brian Acton, the co-founder of WhatsApp, have used their Twitter accounts to tell their audiences that it’s time to delete Facebook.