The lead data protection agency in England has announced a fine of $660,000 (£500,000), the maximum available, for Facebook over its release of user data to Cambridge Analytica, which used it to profile voters during the 2016 U.S. elections.
The Information Commissioner’s Office found that Cambridge Analytica harvested 87 million Facebook users’ personal data to target ads for political purposes. The agency also said Facebook did not seek to have the data deleted.
The social media giant, which has been under increasing criticism in the United States for its attacks on conservatives, was accused of two violations of the U.K. Data Protection Act 1998.
Facebook was cited for “failing to safeguard people’s information” and “failing to be transparent about how people’s data was harvested by others and why they might be targeted by a political part or campaign.”
The scandal prompted multiple orders for online political ads to be monitored and explained more adequately.
The Electronic Privacy Information Center, a privacy advocate, said Wednesday that it had warned the U.S. Federal Trade Commission and Congress that the release of personal information to Cambridge Analytica could have been avoided had the government enforced a 2011 Consent Order that involved Facebook.
Reports also said prosecutors plan to bring a criminal count against the defunct parent of Cambridge, SCL Elections.
The fine is a small one for Facebook, which was penalized about $100 million in 2017 by the European Commission.
Cambridge and its parent company both closed operations two months ago.
WND reported in June how Facebook was being confronted by a growing negative reaction to its privacy intrusions.
EPIC revealed at the time that Facebook was accused of tracking consumers’ online movements, even if they’re not logged in to the social media site.
It filed a friend-of-the-court brief in the 9th U.S. Circuit Court of Appeals where arguments are being held soon on a case brought by Perrin Aikens Davis, Brian Lentz, Cynthia Quinn and Matthew Vickery against Facebook.
“At issue is whether Facebook violated the privacy rights of users by tracking their web browsing even after they logged out of the platform,” EPIC explains.
The U.S. District Court for the Northern District of California had dismissed the claims, asserting “users should develop countermeasures to assert their privacy rights.”
EPIC has argued on behalf of internet privacy since 1997, when it conducted the first privacy survey of frequently visited websites and identified the risks that “cookies” would be used to track consumers.
A few years later, it filed the first Federal Trade Commission complaint against a company for cookie tracking.
The Facebook actions deserve a significant response, the organization argues, because the company hides behind “like” buttons on their pages and “secretly and surreptitiously builds detailed profiles on users even when they are no longer using the service.”
“This is precisely the type of invasive business practice that privacy laws were enacted to limit,” EPIC told the appeals court.
“Users expect that their web browsing history will remain private – no one imagines a marketing executive standing over their shoulder and taking notes as they use the internet – but the lower court improperly assumed otherwise, a clear error at the motion to dismiss stage.”
The filing explains: “Over the last two decades, the persistent tracking of internet users has grown more sophisticated and more secretive. A technique that was originally developed to assist users complete purchases on a particular website has been transformed into a method for tagging, tracking and monitoring people as they move across the network. Even technology experts with access to sophisticated privacy tools lack the ability to limit many of these new tracking techniques.”
The so-called “persistent identifier,” also known as a “magic cookie,” maintains the identity of the web user.
But the big companies immediately jumped on the opportunity and began not only helping users at websites, but tracking them everywhere.
In the two decades since it started identifying the problem, EPIC said, things have changed.
“Consumer tracking and profiling have proliferated in ways that would have been unimaginable to consumers at the time. Methods of web tracking have evolved beyond simple cookie tracking: companies now employ browser ‘fingerprinting,’ use invisible images called ‘pixel tags’ or ‘web beacons,’ collect unique device identifiers associated with users’ computers and phones, and use email addresses and other persistent identifiers to profile users.”
Facebook has established a reputation for deceiving users and, as a result, settled with the FTC in 2011 regarding privacy violations.
The company, however, refused to follow the terms of its own settlement.