Facebook could have faced $1.6 billion fine under new General Data Protection Regulation
Yesterday (10 July 2018) the UK Information Commissioner, Elizabeth Denham, published a progress report in relation to her office’s investigation into the use of data analytics in political campaigns. This investigation has focussed on Facebook and Cambridge Analytica. The Information Commissioner’s Office (ICO) has said it intends to fine Facebook £500,000 for two breaches of the Data Protection Act 1998. This is the maximum fine that can be imposed under that legislation. However, the position could have been much worse for Facebook.
From 25 May 2018 the Data Protection Act 1998, for most practical purposes, was replaced and substituted by the General Data Protection Regulation (GDPR). Breach of GDPR gives the ICO the power to impose a penalty of £17m (€20m) or 4% of global turnover, whichever is higher. Because the incidents in this investigation occurred prior to 25 May, the penalties the ICO proposes to levy will be capped at the maximum under the old legislation. If that had not been the case, with revenue of US $40.7 billion in 2017, Facebook could have been facing a fine equivalent to US $1.6 billion. Whilst the likelihood of a fine of that magnitude may be remote, the fact that the ICO has fined Facebook the maximum it could under the old legislation is indicative of how seriously the ICO takes this breach and it is fair to speculate that Facebook would have been facing a heavier fine under GDPR.
Facebook has the opportunity to respond to the Commissioner before a final decision will be made.
GDPR now applies. Is your organisation GDPR compliant? Does it understand what its obligations are and is it discharging them? Have your staff been trained in relation to GDPR? Linder Myers Solicitors are here to help, please do not hesitate to Call Us on 0800 042 0700 or email firstname.lastname@example.orgFind out more about our Corporate Commercial department