- Facebook is not even close to getting its house in order on protecting people’s privacy, according to Britain’s information commissioner Elizabeth Denham.
- She said Facebook’s business model rubs against privacy laws and it is part of an ecosystem that has shown a “very disturbing disregard” for the data of British citizens.
- Denham’s office fined Facebook last month for the Cambridge Analytica scandal, and has now referred it to the Irish Data Protection Commissioner over other concerns about data gathering.
- Facebook could be fined up to $US1.6 billion if it has breached the EU’s GDPR privacy laws.
Facebook is not even close to getting its house in order on protecting people’s privacy, according to the woman who hit the company with a maximum fine for the Cambridge Analytica catastrophe.
The UK’s Information Commissioner’s Office (ICO) fined Facebook £500,000 ($US645,000) last month for the Cambridge Analytica data breach as part of an unprecedented investigation into data misuse in British politics.
Giving evidence to a British parliamentary committee on Tuesday, information commissioner Elizabeth Denham said Facebook has a lot of work to do to improve its privacy processes. She added that regulation is required to ensure the company gets its act together.
Denham said Facebook’s advertising business model rubs against privacy laws and the company is part of an ecosystem that has shown a “very disturbing disregard” for the data of British citizens.
“Regulators need to look at the effectiveness of their processes,” she told lawmakers of the Digital, Culture, Media, and Sport Committee. “There’s a fundamental tension between the business model, the advertising business model of Facebook, and fundamental rights like protection of privacy.”
She added: “Facebook needs to significantly change their business model and practices to maintain trust.”
Denham made repeated reference to the fact that data practices at companies like Facebook and Twitter need to be “subject to stricter regulation and oversight.” She added: “The time for self-regulation is over… that ship has sailed.”
Denham was speaking as the ICO published a 113-page investigation into the use of data analytics in political campaigns. The report provides a comprehensive account of the Cambridge Analytica breach, which allowed the political consultancy to exploit the data of 87 million Facebook users harvested by developer Dr Aleksandr Kogan.
Facebook referred to the Irish Data Protection Commissioner
It also refers Facebook to the Irish Data Protection Commissioner over “ongoing concerns” about the company’s “targeting functions and techniques that are used to monitor individuals’ browsing habits, interactions and behaviour across the internet.”
The Irish Data Protection Commissioner oversees GDPR complaints made against Facebook. The EU’s GDPR laws allow data regulators to fine companies up to 4% of their global turnover, which in Facebook’s case would be $US1.6 billion.
A Facebook spokeswoman said: “We regularly engage with regulators regarding our advertising tools, which we believe fully comply with EU data protection laws. We look forward to continuing these discussions with the Irish Data Protection Commissioner, as our lead regulator on data protection matters under the GDPR.”
The company is currently reviewing the £500,000 ICO fine and has left the door open to a potential appeal.