The UK’s data regulator has ended its investigation into the infamous Cambridge Analytica scandal, declaring that the models and techniques used by the now-defunct data processing company were exaggerated and likely inaccurate.
Writing to the chair of parliament’s digital, culture, media and sport committee Julian Knight, the Information Commissioner Elizabeth Denham has also reiterated that its ongoing investigation into data abuse rendered no further evidence to warrant any further action.
This investigation, spearheaded by the Information Commissioner’s Office (ICO), included an analysis of materials obtained from Cambridge Analytica, and seized under warrant. This process, however, led Denham to the conclusion there is very little to change the regulator’s initial understanding of what happened.
The scandal erupted in the form of a data leak first reported in December 2015, and quickly gained traction as the implications became much clearer. Cambridge Analytica had been found to gather data from Facebook users in the form of an online quiz, as well as their friends and contacts.
By harvesting and processing this data, it was reported the company was able to market a tool to political campaigns that would microtarget voters based on granular demographic information with specific messaging.
In reality, however, the ICO argues the powers of Cambridge Analytica in this department were overhyped and ineffective against the purpose.
The company’s claim that it had “over 5,000 data points per individual on 230 million adult Americans”, for example, may have been exaggerated. The data analysis techniques used were also in the main commonly available and routinely used by other entities.
Within the company, there was also a level of scepticism as to whether the technology actually worked, according to internal communications, with concern about the external company messaging set against the reality of results.
The ICO opened an investigation into the implications of the data leak, as well as the wider use and abuse of data in political campaigning not long after the story first broke. Facebook was fined £500,000 as a result of the investigation, while the Brexit campaigns Vote Leave and Leave.EU were each fined £40,000 and £15,000 respectively for violaitions.
“Since my last appearance before the Committee in April 2019 my office has continued its investigative work, completing the remaining lines of enquiry as far as the evidence took us,” Denham wrote in the letter.
“This included analysis of materials obtained during the investigation and those seized under warrant. This has, overall, confirmed and reinforced the findings of my previous reports. I have therefore concluded that there is little in the vast volumes of evidence we have now worked through that has changed our initial understanding or identified new lines of enquiry that suggest they could drive new insight.”
The ICO, therefore, has concluded there is no further reason to take any additional action around the use of data in political campaigning. This is despite Denham confirming she has been compelled to make “significant recommendations” to a number of organisations, including political parties and data brokers, in order for them to make changes to comply with data protection legislation.
This suggests there has been some non-compliance with legislation such as the Data Protection Act 2018, although Denham added “identified no significant breaches of the privacy and electronic marketing regulations and data protection legislation that met the threshold for formal regulatory action.”
This is made in specific reference to the wider investigation on both the remain and leave side of the UK’s Brexit referendum. “Where the organisation continued in operation,” she continued, “I have provided advice and guidance to support better future compliance with the rules.”
