ICO Calls On Facebook To Prove It’s Sincere On Regulation

The UK’s Information Commissioner has called on Facebook to revisit its decision to appeal a £500,000 privacy fine in light of the social network’s call over the weekend for more regulation of internet firms.

Facebook chief executive Mark Zuckerberg used an op-ed piece in The Washington Post to call for an international framework that would “establish a way to hold companies such as Facebook accountable by imposing sanctions when we make mistakes”.

He said the regulations should cover areas including privacy and data portability.

Zuckerberg’s comments were met with scepticism by lawmakers and industry watchers in the US.

Maximum fine

Now Elizabeth Denham, who has taken an active role in bringing Facebook to task over its data-protection scandals, said that if Facebook is sincere in seeking out a stronger regulatory approach, it should take another look at its decision to appeal last year’s £500,000 fine.

The Information Commissioner’s Office (ICO) imposed the penalty last July for Facebook’s lax handling of users’ data between 2007 and 2014, and the resulting Cambridge Analytica leak.

Denham made it clear at the time that the fine would likely have been much higher under the stricter GDPR rules that came into force last year.

“In light of Mark Zuckerberg’s statements over the weekend about the need for increased regulation across four areas, including privacy, I expect Facebook to review their current appeal against the ICO’s £500,000 fine – the maximum available under the old rules – for contravening UK privacy laws,” Denham said in a statement.

Appeal plans

Facebook responded that it  is not planning to withdraw its appeal, and referred to the company’s statements at the time the appeal was announced in November.

At the time, Facebook said the ICO had found no evidence that Facebook improperly shared data with Cambridge Analytica, adding that the ruling would set a precedent that could place inappropriate restrictions on the way people and organisations share information online.

Denham said at the time that the reasons given by Facebook were “disingenuous”.

Under the GDPR, data protection authorities can impose fines of up to £17 million or 4 percent of a firm’s global annual turnover.