The Cambridge Analytica affair saw a Facebook vulnerability afford app developers access to user data without insisting on ‘clear consent’. It also failed to apply proper checks on either apps or developers using its systems.
In a statement outlining its stance the ICO wrote: “Between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply 'friends' with people who had."
Acknowledging the criticism in a statement Facebook responded: “While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015.”
The sum incurred is the maximum allowable under the law as the offence predates more onerous restrictions put in place with the advent of Europe-wide GDPR rules, which took effect in May.
The European Union recently warned Facebook that it could be fined as much as $1.63bn over data breaches.
To help it navigate these regulatory and legal issues it brought aboard UK political heavyweight Nick Clegg to lead policy. The move was widely scoffed at.