Italian privacy regulator gives Facebook €1m slap on the wrist
Image credit: Image Source
The Italian data regulator has landed Facebook with a €1m (£900,000) fine for violating privacy laws in the context of the Cambridge Analytica scandal.
In March 2018, the Observer revealed that a UK-based data analytics company, Cambridge Analytica, had harvested data from 87 million unwitting Facebook users, via a third-party personality quiz app, which scraped data from users who downloaded the app and their Facebook contacts. This data was used to create political ad targeting tools based on individuals’ psychological profiles, which were then used by the 2016 Trump campaign. Cambridge Analytica also worked on the Leave campaign in the run-up to the 2016 EU referendum.
The Italian Privacy Guarantor said that 57 Facebook users based in Italy had downloaded the quiz app, affecting a further 214,077 Italian users who did not consent to having their data collected and processed.
The Guarantor has fined Facebook €1m (£900,000) for its failure to protect user data. In March, the Guarantor had challenged Facebook over the breach and the company offered to pay a reduced fine of €52,000 to settle the case. However, the authority decided that the scale of the privacy violation was too great to qualify for a reduced fine.
“The sum takes into account, in addition to the size of the database, also the economic conditions of Facebook and the number of global and Italian users of the company,” a statement from the Privacy Guarantor said. The offences occurred before the introduction of GDPR across the EU (which allows for companies to be fined up to four per cent of their annual global turnover), meaning that the data watchdog has been limited to a small fine for a company of Facebook’s size.
In a statement, a Facebook spokesperson said that evidence indicated that no data from Italian users was shared with Cambridge Analytica.
“We made major changes to our platform back then and have also significantly restricted the information which app developers can access,” the spokesperson said. “We’re focused on protecting people’s privacy and have invested in people, technology and partnerships, including hiring more than 20,000 people focused on safety and security over the last year. We will review the [Guarantor’s] decision and will continue to engage constructively with their concerns.”
In May 2017, the regular fined the company with €3m (£2.7m) for sharing WhatsApp user data with Facebook following its acquisition of the encrypted messaging app and after claiming that WhatsApp user data would not be shared with Facebook. In December 2018, Italian authorities fined Facebook €10m (£9m) for misleading users in the sign-up process about the extent to which their data would be used for business purposes, emphasising the free nature of the service without giving users sufficient information to understand what they were providing in exchange for the service, and forcing an ‘aggressive practice’ on users by sharing data with third parties for advertising purposes.
Last year, the UK Information Commissioner’s Office fined Facebook £500,000 for its failure to prevent the Cambridge Analytica breach. Facebook has appealed the fine, arguing that there is no evidence that British Facebook users were affected by the incident.
Facebook is notably also under investigation in Ireland – where its international headquarters are based – and in the US. The US Federal Trade Commission is believed to be in the final stages of settling a $3-5bn (£2.4-4bn) fine with Facebook over its role in the Cambridge Analytica scandal.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.