Ahh good old GDPR. When you think that you have heard the last of it, it always seems to crop back up somewhere. But this time, Facebook find themselves on the softer end of a fine by the Information Commissioners Office (ICO).
It seems like months ago now that the words on everyone’s lips were “Cambridge Analytica”, the now infamous data company that harvested millions of Facebook user’s data via the exposed permissions on an app installed using people’s Facebook profiles. But now this appears to have caught up with the social media giant who have been fined £500,000 for the data breaches.
In a statement, the ICO said
“Between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.”
The fine is cited as being the largest fine that the ICO could administer to companies pre-GDPR. This does leave you a little sceptical and eye-rolling at best. Poor old Facebook, receiving a fine for a data breach that many premier league footballers earn in a month, let alone one of the richest companies in the world.
So does this give us some idea into actually how effective and more threatening the new GDPR actually are? Certainly from our perspective.
Had Facebook committed the breaches post-25th May 2018 they would have fallen under the new fines jurisdiction in which the maximum fine is 20 million euros or 4% of annual turnover; whichever is greater. This would mean that, with a turnover of $40 billion in 2017, Facebook would have been facing a much heftier fine of around $1.6billion – slightly more than what seems like pocket change in £500,000.
Stronger fines, stronger deterrent
While there hasn’t been a massive fining episode bestowed upon businesses that breach the new rules just yet, this could either be a sign that it’s too early to say or simply that everyone appears to now be behaving themselves. Although, we are sure that it is just a case of it being too soon to tell just yet.
Affecting the consumer
As aforementioned, the majority of impact thus far seems to be on the consumers and website visitors themselves. You can’t visit any website nowadays without being stopped to accept some privacy terminology or give your consent to store cookies in your browser. In addition to this however is the fact that the ICO have reported that complaints have more than doubled in the UK since the introduction of the new regulations.
The ICO explained:
“Generally, as anticipated, we have seen a rise in personal data breach reports from organizations,” said an ICO spokesperson. “Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”
So it seems that currently, it only appears to be the end-user that is feeling the initial effects of GDPR compliance… that is unless you are a marketer, a web developer, a business owner, a legal representative or data protection officer. In fact lots of people on the business side of things have been and still are affected by GDPR compliance since well before the “deadline”. But this provides us with tangible evidence that something is being enforced and that something is being done by authorities to ensure that businesses treat our personal data with respect, privacy and purpose.
The growing sense however is that the ICO will continue to be a “toothless” organisation that only threatens the fines without taking much action on proper breaches. This has lead to a sense among some in the industry that “no one is checking anyway so, we won’t get fined” and until the ICO do hit a large organisation such as Google, Facebook or any household name brand with an appropriate, justified sanction; this worrying stigma may continue to grow.
Luckily for Facebook they weren’t the first example to be made by the ICO. This time!
Creating bespoke software solutions for clients is our passion; we’re a development house based in the North West, working with businesses and organisations across a wide range of industries and sectors. To read about our previous work for yourself, feel free to explore our case studies page, or get in touch directly to find out more from our team.