tashka2000 - Fotolia

Facebook among 30 organisations under investigation by the ICO

Facebook is among 30 organisations under investigation by the UK’s privacy watchdog for misusing personal data for political and other purposes

The Information Commissioner’s Office (ICO) has announced that it is investigating 30 organisations, including Facebook, as part of a probe into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.

The announcement coincided with an admission by Facebook that the data exploitation scandal involving London-based data mining firm Cambridge Analytica involved nearly 1.1 million Britons. That figure is out of 87 million users in total who had their profile data extracted by a quiz app downloaded by just 305,000 people.

Facebook calculated the numbers based on the maximum amount of friend connections for each of the Facebook users who downloaded the quiz app.

Cambridge Analytica, which allegedly used the data for Donald Trump’s 2016 presidential election campaign, and AggregateIQ – a Canadian data company that reportedly played a role in the Vote Leave campaign in the UK referendum on leaving the European Union – have also been named by the ICO as being involved in the investigation.

Digital minister Matt Hancock said it was “completely unacceptable” that the information had been put at risk, reports The Telegraph.

“I'll be meeting Facebook next week. I expect Facebook to explain why they put the data of over a million of our citizens at risk. This is completely unacceptable, and they must demonstrate this won't happen again,” he said in a tweet.

Information commissioner Elizabeth Denham said the ICO’s investigation in data misuse is looking at how data was collected from a third-party app on Facebook and shared with Cambridge Analytica.

“We are also conducting a broader investigation into how social media platforms were used in political campaigning,” she added.

Read more about Facebook and privacy

While Facebook has been cooperating with the ICO, Denham said it is too early to say whether the changes the social networking firm is making are sufficient under the law, commenting that this an “important time” for privacy rights.

The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is just over a month away (25 May 2018) and the UK plans to introduce GDPR-aligned data protection legislation around the same time. Facebook will have to be more careful about data collection once compliance with the GDPR and its UK equivalent becomes mandatory.

“Transparency and accountability must be considered, otherwise it will be impossible to rebuild trust in the way that personal information is obtained, used and shared online,” said Denham.

“This is why, besides my investigation, which could result in enforcement action, I will also be making clear public policy recommendations to help us understand how our personal data is used online and what we can do to control how it's used.”

Although Denham has indicated there will be a wide range of enforcement action available under the GDPR and the new UK data protection legislation, both include fines of up to £18m (€20m).

Since news of the data exploitation scandal broke, Facebook has been counting the cost in terms of the billions of dollars wiped off the company’s share value.

While the firms share price has climbed by more than 5% since its lowest point, it is still roughly 10% below where it was before, according to The Telegraph.

However, Facebook founder and chief Mark Zuckerberg claimed the scandal has not had a “meaningful” impact on how many people are using the social network and COO Sheryl Sandberg said that few advertisers had paused their spending. 

Zuckerberg has reportedly refused to appear in person before a committee of British MPs, but he has agreed to testify before a joint hearing of two US Senate committees, in addition to his appearance before a House committee next week, reports The Guardian.

He is to appear before the Senate judiciary and commerce committees on 10 April, and then the House energy and commerce committee on 11 April. ....................................... ........................................ .............................

Read more on Privacy and data protection

Data Center
Data Management