“Facebook Draws U.K. Fine Over Sharing Data,” The Wall Street Journal, October 26, 2018 B4. Facebook fined half a million Pounds ($645,000) for allowing Cambridge Analytica for letting them see and use user data. This is separate and apart from any fines the EU may impose.
Part of the problem is that Facebook didn’t do enough (i.e., anything) after it found out about Cambridge Analytica having accessed the data.
So, some points to consider:
- Whose information was it?
- Whose (and how many) rules (EU, UK, US, other) apply to (i.e., govern) a data breach?
- Why didn’t FB do anything after learning of the problem? Did it not have a process for handling a vendor that accessed data inappropriately? Doesn’t Governance require you to have such a process? Does Compliance entail requiring your vendors to follow a process, and penalizing them when they don’t?
- The fine here won’t go to the UK residents whose privacy was invaded. Is this a fine or a tax? It certainly isn’t damages.