ICO hints at Facebook hypocrisy over data protection goals

ICO Elizabeth Denham

The Information Commissioner's Office (ICO) has responded to Mark Zuckerberg's call for greater regulation for internet firms, by asking Facebook to drop its appeal over a data protection fine.

Writing an opinion piece in the Washington Post, Zuckerberg outlined four areas which he felt new regulations and standardised systems were needed. He called for the global enforcement of privacy, election integrity and data protection rights.

While these all sound like the right things to say, the UK's Information Commissioner Elizabeth Denham took the opportunity to point out that Facebook is still fighting current regulations.

"In light of Mark Zuckerberg's statements over the weekend about the need for increased regulation across four areas, including privacy, I expect Facebook to review their current appeal against the ICO's 500,000 fine - the maximum available under the old rules - for contravening UK privacy laws," she said in a statement on Monday.

The fine Denham referred to is the 500,000 fine, the maximum under the Data Protection Act 1998, which the regulator imposed on Facebook in October for serious breaches of data protection law.

An ICO investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing app developers access to their information without clear and informed consent - this also included access even if users had not downloaded the Facebook app, but were friends with people who had.

Facebook also failed to keep personal information secure because it failed to make suitable checks on apps and developers using its platform. This directly led to the Cambridge Analytica scandal, which has seen Facebook become the focus of tougher internet and data regulations.

Since then, the social network and Zuckerberg, has sought to change its reputation and by repeatedly sending out the message that it's doing everything it can to comply with data privacy. However, despite talking a good game, there have been plenty of incidents to show the company still isn't on the ball when it comes to data protection, such as the recent announcement that millions of users passwords were left unencrypted.

In response to the ICO's call to drop its appeal, Facebook told IT Pro that it thinks there is a place for increased regulation of the tech industry, but that doesn't mean it won't disagree with regulators on some of the decisions made. The social network stands by the statement it released in November, outlining its appeal.

"The ICO's investigation stemmed from concerns that UK citizens data may have been impacted by Cambridge Analytica, yet they now have confirmed that they have found no evidence to suggest that information of Facebook users in the UK was ever shared by Dr Kogan with Cambridge Analytica, or used by its affiliates in the Brexit referendum," a spokesperson said.

"Therefore, the core of the ICO's argument no longer relates to the events involving Cambridge Analytica. Instead, their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal."

Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.