Facebook fined the price of a vanilla spiced latte for serious customer data breaches

Want a chuckle this morning? The Information Commissioner’s Office (ICO) has given notice that it intends to fine Facebook £500,000 for two breaches of the Data Protection Act.

The penalty relates to the Cambridge Analytica data scandal, and what is alleged represents a serious breach of the law.

Yet Facebook last year reported revenues of just under $40.7bn (£30.7bn) on which it made a net profit of $15.9bn. The dollar value of the UK fine is $662,340 at today’s exchange rates. Last year the company took in that amount of money in less than 10 minutes. It made that amount of profit in about 22.

The average weekly wage in Britain is £539. Buying a vanilla spiced latte from Starbucks, which costs £3.25 according to the coffee company’s website, would have a greater impact on Mr or Mrs Average than the maximum penalty the ICO is allowed to impose upon a gigantic corporation for a serious breach of the 1998 legislation affecting, at the last count, 85 million people.

It’s true that Facebook isn’t best pleased with the negative publicity it has been getting and has likely spent a lot more than £500,000 on ads designed to tell us it cares. Just not enough for CEO Mark Zuckerberg to answer MPs’ questions in parliament. Make of that what you will.

Fortunately, the introduction of the EU’s GDPR regime has changed things radically. You may have been caused some irritation by pop-ups on websites telling you about cookies, and emails from organisations you didn’t know existed saying “please can we keep in touch”.

The upside is that GDPR should at least get companies like Facebook thinking about how they use our data because the law allows for fines of up to 4 per cent of turnover.

Had the offences occurred last year and had the new regime been in force, Facebook could have been on the hook for up to $1.6bn. That’s the sort of number even a company of its size would have to take seriously. Well, look at that. Another thing to thank the EU for.

You can bet the UK’s sorry band of politicians wouldn’t have countenanced anything like that and that they won’t when they “take back control”. They’ve proved that the interests of the “British people” aren’t high on their list of concerns.

Democracy Disrupted, a parallel ICO report into the use of data by political campaigns, demonstrates that. It suggests that UK political parties are up to their necks in it when it comes to the misuse of big data.

The ICO has sent warning letters to 11 of them, along with notices compelling them to agree to audits of their data protection practices.

It further plans to bring criminal action against Cambridge Analytica’s now defunct parent company SCL Elections. And it has ordered Aggregate IQ, which worked for the Vote Leave campaign in the run-up to the EU referendum, to stop processing UK citizens’ data. They’re just a few potted highlights. There’s a lot more on the ICO’s website.

This is chilling to note on the same day the Financial Conduct Authority (FCA) chair Charles Randell gave a speech which covered data collection and its use in combination with artificial intelligence by financial firms.

He cited a report in the New York Times that said that some credit card companies in the US had started cutting cardholders’ credit limits when charges appeared for marriage guidance counselling, because marriage breakdown is highly correlated with debt default.

There were also reports earlier this year claiming that price comparison websites quoted significantly higher car insurance premiums to people with names suggesting they were members of ethnic minorities.  

Mr Randell likened the situation we face today to the world depicted in The Prisoner, the 1960s TV classic in which Patrick McGoohan plays “Number Six”, a character who is abducted and held captive in an oppressive and surreal community called the Village. Its residents have no names. Just numbers.

The allusion was well made.

The ICO is at least taking the matter seriously. It is to be hoped that it will prove willing to use the full powers it has been granted under GDPR in future.

The FCA should be no less active.

The trouble is regulators work at the behest of politicians. The ICO’s report suggests that at least some of the ones in Britain might not be too keen on regulators baring their claws.
