Forbury People Limited


Facebook and Cambridge Analytica: A warning to all

23 March 2018

The news surrounding Facebook and Cambridge Analytica sends a clear warning to organisations holding and processing personal data - tighten up your data processing and let individuals know what you will be doing with their data!

While the investigations of any wrongdoing by Facebook are ongoing, Facebook founder Mark Zuckerberg has already admitted that there has been a “breach of trust”.

The news could not be more timely. In the EU (including the UK), the General Data Protection Regulation is coming into effect on 25 May 2018. Amongst the changes are increased fines for data breaches (which, for some breaches, could be up to 4% of annual worldwide turnover or €20 million, whichever is higher) and the requirement for transparency on processing data. Put into context, based on Facebook’s reported turnover in 2017, 4% of global turnover equates to approximately $1.63 billion.

The allegations surrounding Facebook relate to a personality quiz offered on the platform in 2014. The data from the responses (for around 50 million users) was then allegedly sold to Cambridge Analytica and used by political clients. Current allegations include that such data was used in the 2016 US presidential election campaign.    

While the investigations have only just begun, the impact can already be seen, with the scandal reportedly wiping around $37 billion off the value of the business and some advertisers threatening to withdraw advertising. While Facebook says that it will change how it shares data with third party apps in the future, the damage has already been done.

While many organisations may think that such scandals will never affect them, given the need under the GDPR for data controllers to be transparent on their uses of personal data, all organisations need to be considering their position. Setting out the uses of personal data under a privacy notice will enable controllers to set out what they will do with individuals’ personal data. Abiding by this notice should then restrict the use of the data to confined boundaries and avoid any such negative press.

If you need any help compiling a privacy notice, or need to discuss the upcoming changes under the GDPR, please contact us at

Michael Hibberd

Michael Hibberd
Senior Solicitor

T: 0118 953 3929


Receive the Forbury People newsletter
Sign Up

© 2018 - Forbury People Limited Privacy & Cookies Policy

Forbury People Limited is a limited liability company registered in England and Wales. Registered number: 6251169. Registered office: 5th Floor, Thames Tower, Station Road, Reading, RG1 1LX. VAT registration number: 921 6822 30.