Home / News & Resources / News & Updates / Agreement reached between Facebook and the ICO

Agreement reached between Facebook and the ICO

  • Posted on

According to a statement on the Information Commissioner's Office (ICO) website, an agreement has finally been reached between Facebook and the data protection regulator. This comes after Facebook was accused of failing to protect the personal data of its users. As part of this agreement, Facebook has agreed to pay a £500,000 fine but has made no admission of liability.

What happened in this case?

In 2018, a whistle-blower revealed how Facebook data was harvested to target American voters on behalf of Donald Trump's election team. Speaking to journalists, Christopher Wylie, an ex-employee of data analytics firm Cambridge Analytica, said that millions of Facebook profiles were harvested and used by his then employer to influence the US presidential election. There were also concerns over whether illegally acquired data was used to target voters and influence the EU referendum result.

Furthermore, while Facebook found out about the breach in 2015, the social media giant failed to alert its users, and did not take adequate steps to recover and secure the private information. In response, the ICO launched an investigation into the activities of Facebook and the retention, sharing and distribution of data illegally in the UK. As part of that investigation, on 24 October 2018, the ICO issued a penalty of £500,000 against Facebook.

Incidentally, in May 2017 the ICO announced a formal investigation into the use of data analytics for political purposes. It admits that, at this time, "we had little idea of what was to come". Today, this investigation is one of the largest of its kind and is ongoing.

How did Facebook respond?

Facebook chief executive Mark Zuckerberg admitted user privacy mistakes and said he realised he needed to be more public and accountable. In an interview with CNN, he said that he would not be against regulation of his social media company. He has also pledged to review "thousands of apps" in an "intensive process". However, rather than paying the ICO fine, Facebook filed an appeal.

After much negotiation between the two parties, an agreement has now been reached.

What is the result of this case?

Facebook has now agreed to pay the £500,000 fine to settle the investigation into data harvesting by Cambridge Analytica (now defunct). But despite this, the company does not admit wrongdoing. It argues that it didn't violate people's privacy by allowing the data transfers and that its prior terms of service and privacy policies allowed for the transfer of user data to outside developers, unless people adjusted their privacy settings. The ICO has rejected that position.

However, the settlement does allow Facebook to resume its own investigation into issues around Cambridge Analytica. And, as a result, the ICO believes that this agreement best serves the interests of all Facebook users in the UK.

Commenting on the agreement, James Dipple-Johnstone, the ICO Deputy Commissioner said:

"The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine. The ICO's main concern was that UK citizen data was exposed to a serious risk of harm. Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy. We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people's personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case."

Harry Kinmonth, Director and Associate General Counsel, Facebook commented:

"We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015. We made major changes to our platform back then, significantly restricting the information which app developers could access. Protecting people's information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information. The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan. However, we look forward to continuing to cooperate with the ICO's wider and ongoing investigation into the use of data analytics for political purposes."

Social Media and politics

Despite the agreement, it seems that the controversy over how social media is used politically is far from over. Not least because, on the very same day the settlement was reached, Twitter announced that it would stop accepting political ads. This move puts Twitter at odds with Facebook executives who have robustly defended their policy of not fact-checking political ads. But, despite Zuckerberg's uncompromising stance on this matter, the fact that Twitter has decided not to permit political advertising will put additional pressure on Facebook.

For more data privacy protection news and updates, follow Hayes Connor Solicitors on Twitter and Facebook.