24 October 2018
The ICO sure is sounding angry.
The ICO has fined Facebook £500,000 for serious breaches of data protection. It is only the second time the ICO has ever issued such a big fine, the other being for the huge security breach at Equifax.
The enforcement notice also suggests the ICO would have liked to have fined more: "the Commissioner considers that the amount of £500,000 is not excessive: indeed, but for the statutory limitation of the amount of the monetary penalty, it would have been reasonable and proportionate to impose a higher penalty."
Facebook's global 2017 revenue was £41,000 million, so this fine is 0.001% of it. Compare that with the future GDPR threat of up to 4%, or £1,640 million!
The ICO is looking at Facebook Ireland and US to pay the bill, rather than the UK company. It will be interesting to see how this plays out.
It was decided that Facebook (Ireland and US), as Data Controllers, breached the Data Protection Act 1998 in:
The ICO investigation highlighted:
The ICO also referenced legal cases across Europe to help justify their actions: the CJEU in Google Spain v AEPD (2014) and the Court of Appeal of Northern Ireland in CG v Facebook Limited and McCloskey (2016).
Articles made publicly available on this website are general information and should never be mistaken for formal or legal advice. If you are seeking formal advice for your specific requirements, please contact our advisory team using the form above.