Facebook has been fined the maximum amount possible after the data of up to 87 million people was harvested.
The UK’s Information Commissioner’s Office fined Facebook £500,000 as part of an investigation into the use of data analytics for political purposes.
The ICO’s investigation found the social media company failed to protect people’s information.
The data of 87 million people was harvested without their knowledge by a company called GSR, with some of the data later shared with SCL Group, the parent company of Cambridge Analytica.
The ICO investigation ruled that Facebook “did not do enough” to ensure organisations with data took “adequate and timely remedial action” including deleting the personal information.
ICO added that Facebook did not suspend SCL Group from its platform until 2018.
'It should have done better'
Elizabeth Denham, Information Commissioner, said: “Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data.
“A company of its size and expertise should have known better and it should have done better.”
Ms Denham added: “We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR.
“One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”
MS Denham is expected to give a further update on November 6, when she gives evidence to the Department for Digital, Culture, Media and Sport Select Committee.