Italy Stings Facebook With $1.1 Million Fine For Cambridge Analytica Data Misuse

Italy's data protection watchdog has slapped Facebook with a $1.1 million fine for violations of local privacy law attached to the Cambridge Analytica data misuse scandal. TechCrunch reports: Last year it emerged that up to 87 million Facebook users had had their data siphoned out of the social media giant's platform by an app developer working for the controversial (and now defunct) political data company, Cambridge Analytica. The offences in question occurred prior to Europe's tough new data protection framework, GDPR, coming into force -- hence the relatively small size of the fine in this case, which has been calculated under Italy's prior data protection regime. (Whereas fines under GDPR can scale as high as 4% of a company's annual global turnover.) A Facebook spokesperson issued the following statement: "We have said before that we wish we had done more to investigate claims about Cambridge Analytica in 2015. However, evidence indicates that no Italian user data was shared with Cambridge Analytica. Dr Kogan only shared data with Cambridge Analytica in relation to U.S. users. We made major changes to our platform back then and have also significantly restricted the information which app developers can access. We're focused on protecting people's privacy and have invested in people, technology and partnerships, including hiring more than 20,000 people focused on safety and security over the last year. We will review the Garante's decision and will continue to engage constructively with their concerns."

Re:Hell Yeah!

[ShanghaiBill]

Facebook has annual revenue of about $70B. They receive $1M in advertising revenue every seven minutes.

Re:

[AmiMoJo]

It's not about the money. It's about showing that the regulator can and will investigate these things, and then apply the maximum possible sanctions. And the maximum possible sanctions are now 4% of global turnover ($2.8 billion per incident) and being forced to stop processing personal data entirely.

So Facebook will doubtless be paying attention because a) the regulator didn't fall for their bullshit excuses and b) next time it could entirely destroy their business in Europe, instant loss of more than hal

\o/

[easyTree]

We're focused on protecting people's privacy from our competitors' violations. We are the one true personal-data dump muhahahah.

not even

[fredrated]

pocket change.

Re:not even

[denzacar]

It's not the size of the fine - it's establishing a continuous pattern of disregard despite the fines.
TFA lists several other fines Facebook was slapped with recently and the fact that this particular fine was supposed to be settled for a far lower sum of â52000.
I.e. Watchdogs and regulating bodies are getting tired of their excuses.

Which may be of some importance considering (again in TFA) Irish Data Protection Commission's ongoing investigations and an "increase in privacy complaints and data breach notifications" since the introduction of GDPR.
Which not only allows fines "as high as 4% of a company's annual global turnover" - they can be ordered to stop processing data altogether. [techcrunch.com]

For upheld complaints the GDPR 'nuclear option' is not fines though; it's the ability for data protection agencies to order data controllers to stop processing data.

Which might be a bit awkward for a company living off of other people's data.
Also, some of those ongoing investigations are not of Facebook, but of WhatsApp, Instagram, Twitter, LinkedIn and Apple.

Re:

[AmiMoJo]

It's extremely unfortunate that Cambridge Analytica was before GDPR came in. If it had been afterwards then they would probably have been looking to apply the maximum fine. I'd have pushed for removing their ability to process European's personal data too, at least until they can prove to the regulator that they are reformed.

Re:

[stoatwblr]

That's true across most of the EU, except the UK, which suffers from regulatory capture.

The thing about GDPR is that there was a 2 year lead-in to it being EU-wide and _many_ countries had their laws locked in place well before that final deadline (the UK - unsurprisingly - delayed until the last possible moment.)

Some of them (eg: Germany) had GDPR-level laws _before_ GDPR rollout. The whole point of it was to make for a unified level of privacy across the EU.

Those laws have long-arm statutes, so hiding bac

We need to get over this.

[Anonymous Coward]

People need to get out of this mindset that you can vomit your life into the world's largest mass surveillance apparatus... and have a shred of privacy left.

It appears people are still doing that however.

Like driving 70mph in a school zone

[Anonymous Coward]

And getting a speeding ticket for five cents.

Re:

[stoatwblr]

It's not the speeding ticket, so much as what it does for your insurance premiums.

And the fact that the next one will be equivalent to 50% of your annual salary.

Stings?

[rsilvergun]

they've got that in the couch cushions of one break room. This is just more posturing to make it look like anybody is doing anything.

License to print money

[Your_spleen]

I wonder if Facebook intends to pay using using their own currency? I mean wouldn't that be funny(for them) if the value of Libra coin was such that they could? (even if indirectly), lol.

Sad commentary

[mrobinso]

A $1.1 million fine for Facebook... like firing a spitball through a straw at a 10 locomotive freight train. Not even a splat.

wake me up when it's sting with a b

[epine]

Wake me up when it's sting with a b.

When did Dr Evil join the Italian parliament?

Some intrepid staffer with fast and assertive hands really needs to hound Dr Evil to the breaking point over his enduring million/billion quantitative dyslexia.

$1.1M

[dcw3]

How much is that in Lira?

Re:

[stoatwblr]

Lira haven't existed since 2002, so who cares?

You may as well be asking about Pesos, Francs, Marks or Guilders - same answer

Re:

[dcw3]

Wooosh