Forbury People Limited


Facebook to pay for data protection breaches

13 July 2018

The ICO has announced that Facebook will be fined the maximum possible amount of £500,000 for its breaches of the Data Protection Act in relation to the Cambridge Analytica scandal, an amount that pales in comparison with the new fines introduced under GDPR.

We previously blogged on the scandal here. According to the Information Commissioner’s Office latest announcement, Facebook failed to safeguard users’ data by not ensuring the data given to Cambridge Analytica had been deleted and Facebook were not transparent to its users on the ways the data was being harvested.

Had the breaches occurred after the 25th May this year, Facebook would have been subject to the new GDPR fines. These would have amounted to the higher of €20 million (£17 million), or 4% of the company’s global turnover. For Facebook, a fine of 4% of global annual turnover could amount to around £1.4 million. 

The ICO’s announcement shows that this kind of breach will need to be treated very seriously in the future, with the ICO also contacting the 11 main UK political parties to direct them to have their data protection practices checked.

Facebook’s Chief Privacy Officer admitted that they could have “done more to investigate claims about Cambridge Analytica” earlier and will be responding to the ICO’s intent to fine in the coming weeks.  However, what is clear is that organisations now should not only ensure they have lawful bases on which to process data, but also (as is the intent of GDPR) be transparent with how they use the data. 


Ciara Duggan

Ciara Duggan

T: 0118 953 3929


Receive the Forbury People newsletter
Sign Up

© 2018 - Forbury People Limited Privacy & Cookies Policy

Forbury People Limited is a limited liability company registered in England and Wales. Registered number: 6251169. Registered office: 5th Floor, Thames Tower, Station Road, Reading, RG1 1LX. VAT registration number: 921 6822 30.