British regulators on Thursday slapped Facebook with a fine of £500,000 for failing to protect the privacy of its users in the Cambridge Analytica scandal.
The Information Commissioner Office (ICO) found that between 2007 and 2014, Facebook processed the personal information of users unfairly by giving app developers access to their information without informed consent. The failing meant the data of some 87 million people was used without their knowledge.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, the Information Commissioner. “A company of its size and expertise should have known better and it should have done better.”
The ICO said a subset of the data was later shared with other organisations, including SCL Group, the parent company of political consultancy Cambridge Analytica.
News that the consultancy had used data from tens of millions of Facebook accounts to profile voters and help U.S. President Donald Trump’s 2016 election campaign ignited a global scandal on data rights.
The fine is the maximum allowed under the law at the time the breach occurred. Had the scandal taken place after new EU data protection rules went into effect this year, the amount could have gone up to £17 million or 4% of global turnover, whichever is higher.
