14 DAY TRIAL // Facebook appealed the £500,000 fine imposed by UK's Information Commissioner's Office (ICO) in October as a result of the Cambridge Analytica scandal because the penalty disputes the underlying systems used by people while sharing information via online networking platforms.
"The ICO's investigation stemmed from concerns that UK citizens' data may have been impacted by Cambridge Analytica, yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum," said EMEA Anna Benckert, Facebook's VP & Associate General Counsel, in a statement.
As detailed in ICO's monetary penalty notice (PDF), the Cambridge Analytica incident is estimated to have impacted 87 million Facebook users who had their data collected by third-party developers without consent, and the ICO imposed the maximum possible penalty under the UK's Data Protection Act 1998.
Despite that, if the data breach would have happened after the date EU's General Data Protection Regulation (GDPR) came into force on May 25, 2018, Facebook could have been fined up to €20 million.
As per GDPR's requirements, for particularly severe violations, listed in Art. 83(5) GDPR, the fine can be up to €20 million, or of up to 4 % of the entity's total global annual turnover, whichever is higher.
Facebook could have been imposed a much large fine of up to €20 million under EU's GDPR
"The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had," says the ICO press release.
In the incident at the core of the Cambridge Analytica scandal, a Dr. Aleksandr Kogan and his company GSR were able to secretly collect and exfiltrate information of around 87 million people using the "This Is Your Digital Life" app.
Even though their app was supposed to collect personal information only from Facebook users who had given their consent for this to happen, the app managed to go way beyond its scope by grabbing the data of all friends in those users' Facebook social networks.
"For example, under ICO’s theory people should not be allowed to forward an email or message without having agreement from each person on the original thread," Benckert also stated.
Moreover, "These are things done by millions of people every day on services across the internet, which is why we believe the ICO’s decision raises important questions of principle for everyone online which should be considered by an impartial court based on all the relevant evidence."