UK privacy watchdog to fine Facebook 18 mins of profit (£500,000) for Cambridge Analytica

Facebook faces a £500,000 ($665,000) fine from the UK’s data protection watchdog, the ICO, for failing to protect netizens' info nor tell them how their data would be harvested by apps. The looming penalty relates to the social media giant's role in the Cambridge Analytica data-harvesting scandal – in which the personal …

Anonymous Coward

Conclusions?

Just like the ODPC Yahoo breach result, the ICO took action... They wrote a Report! Anyone who isn't terrified by the direction we're heading, just isn't paying attention. Facebook will stomach GDPR fines fine too.

Why? Zuckerberg's emotions betrayed his test-of-money to US/EU lawmakers. He has no intention of stopping the slurp road-show. Families using the Facebook-Stasi should be seriously worried. It feels like parents are condemning their kids to some god awful Stasi-like future... An unholy alliance of corporate and state surveillance or interference...

All for what? Some convenience and cheap tech today. It's a dangerous tradeoff. Be prepared for your kids to ask one day: 'how did we get here Daddy'? Especially when AI makes ruthless decisions about medical procedures or drugs your family needs but can't get. Or a job your kid really wants, but is unfairly denied. Want a nice home? You've been auto-rejected! If you're on the bread line, expect more miscarriages of justice, once that's automated too. But don't take an AC's word for it:

https://www.bbc.co.uk/news/business-44702483

https://www.bbc.co.uk/news/technology-44642569

https://www.bbc.co.uk/news/business-44466213

28
1
Bronze badge

Re: Conclusions?

There might be a valid argument for the data slurp but what I don't understand is when people call Facebook a Stasi. It's people's choice to use it. It's a free service. How else do people think they will make their money from the free service? It costs a lot of money to run and maintain all those servers.

I'm not defending Facebook, people have a right to be angry with them but it's still a free service and people choose to use it or not. I choose not to use it. Simple as that really.

"But some sites require it to sign up to stuff". Well then just use a dummy account, it's what I do. So when I say I don't use it, that was a lie, I use it just for signing into some sites that have no other option but to use Facebook.

4
10
Anonymous Coward

Re: Be prepared for your kids to ask one day: 'how did we get here Daddy'?

I think they're way too optimistic, the kids already don't give a flying monkey about how they got there. It's not that they've been boiled slow, they positively poured the water and turned the flame to FULL POWER, before jumping in.

But hey, given that this course is, ultimately, short-term, I see the bright side. It might be a nuclear flash, it might be an AI turning us off, but the future's bright, and f... the sapiens.

0
2
Silver badge
Paris Hilton

Re: Conclusions?

"It's people's choice to use it. It's a free service"

Did you not hear about it creating profiles for people who have never had an account?

18
0
Silver badge
Unhappy

Re: Conclusions?

"https://www.bbc.co.uk/news/business-44466213"

About this article - it mentions that we could end up facing negative decisions by AI with no way of knowing how it was arrived at.

If I, as a human being in a position of authority, make a decision, aren't I expected to be able to provide a rationale for that decision?

Surely if an AI system provided a decision with no ability to provide the rationale behind it, then the decision is not valid and could be challenged in a court of law? Perhaps I'm being overly optimistic. (There's probably no perhaps about it).

8
1
Anonymous Coward

Re: negative decisions by AI

This has been done for quite some time already, the future's here already. Not by AI, because it doesn't exist, but by "algorithms" (human-designed, sure). Apparently though, it's already got to such a level of complexity that it's impossible (or too expensive, which comes to the same thing) to backtrack and see what went wrong. And if there's no path to enforce backtracking and remedy (cost optimisation, hurrah) - computer says no, there's no point shouting down the phone line, long dead, there's nobody there.

...

There was an article on the subject somewhere... ah, here it is. Well, the original article by Washington Post is behind a paywall so, leftovers:

huffingtonpost.com/patricia-mcguire/teacher-evaluations_b_1328456.html

...

Also, fairly recently, a book on the subject with a rather cheesy title "Weapons Of Math Destruction".

4
0
Anonymous Coward

Re: Conclusions?

"But some sites require it to sign up to stuff"

Use a different site? I want nothing to do with Facebook or Facebook Logins which are just as bad for tracking you online.

Anyone using them doesn't get my visit.

9
1
Silver badge

Re: Conclusions?

With Facebook there are also all the 'shadow accounts' of people who haven't actively signed up with the service, but about which Facebook knows a lot from them being included in users' messages and photographs. Their personal data is at risk, but they don't have any way of deleting it from Facebook - because they don't have an account.

How these accounts can possibly be GDPR compliant is something of a mystery to me.

8
0

This post has been deleted by its author

Silver badge

Re: Conclusions?

This is a real issue with machine learning. How much of the stuff is replicable when algorithms are proprietary and data sets aren't published? A lot of news about data science shouldn't be considered 'science' because the results aren't replicable.

But it's being pushed as the next big thing even though no one really knows how it comes to its decisions and many of those decisions and insights are of only marginal statistical significance. Dredge enough data long enough and you'll find some correlation - chances are it's bollocks, but you might make a billion.

1
0
Silver badge

Re: Conclusions?

Facebook will stomach GDPR fines fine too.

It's worth noting that FB have shouldered the maximum possible fine under the existing legislation (£0.5M). GDPR has provision for far greater fines (4% of annual global turnover). FB's global revenue was over $40Bn in 2017, 4% of that is $1.6Bn, or £1.2Bn. A fine of that magnitude would be a much more interesting proposition. Not least because FB may resist paying it, which would presumably be a criminal matter and involve the invocation of international extradition treaties for those in charge. That's when it would be a good time to invest in popcorn.

7
0
Silver badge

Re: Conclusions?

Just because you've never opened a Facebook account, doesn't mean they don't know anything about you.

They probably know your contact details from slurping the contacts from one of your friends or family. They might well have a picture of you, again, helpfully tagged by one of your friends.

They might even have an idea of which websites you visit, based on tracking cookies, if you ever clicked on a link to their site that a friend sent you. They can then cross reference that with the information from the wide number of other sites that have Facebook cookies.

That's just the stuff I can think of off the top of my head. I have never signed up to Facebook, but I'm sure they know something about me.

4
1
Silver badge

Re: Conclusions?

It's worth noting that FB have shouldered the maximum possible fine under the existing legislation (£0.5M)

IIRC the "prompt payment discount" is 20%, so FB will only have to cough £400k.

GDPR may allow higher fines, but let's see what actually transpires - just because they could now fine FB over a billion quid, how likely do you think that is? The regulator will have a process that considers the scale and severity of the breach, then applies aggravating and mitigating factors. Evidence from other UK regulators with "up to 10% of turnover" powers shows that these powers are not used. Which is just as well, because the impact would be far more severe on low margin companies than those with vast profits.

The problem is that financial penalties aren't hitting companies where it hurts - rather than fines that are merely passed on to either customers or investors, regulators need to suspend offending companies from their core business activity either new customer sign ups, sales, loans or (in the case of FB/Google) all data scraping. Doesn't even need to be for very long - a couple of weeks for a first offence REALLY makes a point. Ofgem have issued over quarter of a billion quid in fines to energy companies over recent years without improving anything. But the couple of times they've suspended companies from signing up new customers, I can assure you (from within the industry) that sent shivers of fear through all companies.

4
0
Anonymous Coward

Re: Conclusions?

"But the couple of times they've suspended companies from signing up new customers, I can assure you (from within the industry) that sent shivers of fear through all companies."

That works for "trading companies" but with the social media they already have a huge database.... better to issue PERSONAL penalties to the directors and chief officers, including jail time for abuse of personal data especially maintaining shadow profiles, there is NO way that consent can be assumed there and as such should attract a really harsh penalty for those at the very top.

2
0
Anonymous Coward

'Don't understand when people call Facebook a Stasi. It's people's choice to use it. It's free service'

You're not looking at things from Zuk's perspective. Many of these sources only came to light after the CA-Palantir scandal. We may never have learned about them otherwise. What else is Facebook hoovering up? Right now Zuk is getting data from:

1. Firms uploading their CRM databases as part of advertising on Facebook. Your insurer, your bank, your telco. Quality data!

2. Data Brokers trading bank and credit-card and utility financial datasets (Experian). Some bad data in there, but damaging!

3. Hospitals sharing health info. This is new and potentially very damaging. It raises uncomfortable questions like: What else do we not know about?

4. Shadow Profiles from Email / Phonebooks of anyone you've ever crossed paths with. Low hanging fruit contacts in your life!

5. All the Facebook buttons on millions of websites around the world phone home constantly. Some of it is blockable using adblockers. Some of it isn't when done Server-side (Passenger-Booking-Data etc).

3
0

Re: Conclusions?

What is particularly worrying about the shadow accounts, is that firstly people didn't consent to Facebook collecting their data on them, and data subjects have no way to request that Facebook cease processing and storing the data.

These are both in themselves breaches of the GDPR regulation.

5
0
Anonymous Coward

'people didn't consent to Facebook collecting their data on them'

To add to that and the point about 'don't understand when people call Facebook a Stasi'. See this ruling today. The data was sold to Experian. So, will this info make it to Facebook ultimately? Seems likely as Experian / Facebook are data partners. More unintended consequences of data sharing.

~~~~~~~~~~

"Emma's Diary faces fine for selling new mums' data to Labour - BBC News - A company that offers pregnant women and new parents health advice and gifts, faces a fine for illegally sharing more than a million people's personal data with the Labour Party. It said Lifecycle Marketing had sold the data for use in the 2017 general election campaign without disclosing it might do so. - The ICO said that on 5 May 2017, Lifecycle Marketing has supplied 1,065,200 records to the data broker Experian Marketing Services for use by Labour. - Each record included: the name of the parent who had joined Emma's Diary their home address whether children up to the age of five were present the birth dates of the mother and children - Emma's Diary is promoted by the Royal College of General Practitioners among others, and its information packs are distributed by many GPs and midwives. - It added that there may also have been a breach of the European Convention on Human Rights."

~~~~~~~~~~

https://www.bbc.co.uk/news/technology-44794635

~~~~~~~~~~

1
0
Silver badge

Re: Conclusions?

"Just because you've never opened a Facebook account, doesn't mean they don't know anything about you."

Is that the new "Just because you're paranoid, it doesn't mean they're not out to get you" ?

"I have never signed up to Facebook, but I'm sure they know something about me"

Quite. And as I've mentioned before, since signing up to Facebook again (long after "deleting" the old account) - and this time with a different address etc - it's interesting to see what shows up in my profile that hasn't been (directly) provided to them by me.

In particular, I'm looking at the 'advertising settings' which shows something from my phone, even though the Facebook application has never been anywhere near it - and here we see something very wrong. (I suspect Facebook may have randomly added these because of a lack of real data - but their wording says otherwise!)

1
0
Silver badge

Re: Conclusions?

"It's worth noting that FB have shouldered the maximum possible fine under the existing legislation (£0.5M). GDPR has provision for far greater fines (4% of annual global turnover)."

Yup. Was going to say the same thing. Unlike many comments and the article FB should read this as a warning of what happens next time. We could also end up with the ICO and at least one EU regulator handing out 4% fines. A billion here, a billion there and it soon adds up to real money.

2
1
Silver badge

Re: 'Don't understand ...

"your insurer, your bank, your telco"

As I'm in the UK all these entities will be getting attention under GDPR if they try that.

1
1
Silver badge
Devil

Re: Conclusions?

"creating profiles for people who have never had an account?"

How can I *poison* their data... ?

0
0
Anonymous Coward

Re: Conclusions?

"How can I *poison* their data... ?"

Ask everyone you know who has a Faecebook account to amend their info on you in some way, such as adding a spurious letter to your contact email and a dummy number for your mobile # etc.

Not sure what else you can do to be honest.

This is when being a billy no-mates comes in handy, even my Mum only has my work mobile number (which gets recycled regularly).

0
0
Silver badge

Review of the impact of ICO Civil Monetary Penalties - 20140723

Interesting read:

Review of the impact of ICO Civil Monetary Penalties - 20140723 (https://ico.org.uk/media/about-the-ico/documents/1042346/review-of-the-impact-of-ico-civil-monetary-penalties.pdf) (PDF)

2
1
Silver badge
Holmes

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

> Interesting read:

What in your estimation makes it interesting? How does it relate to the article at hand? What conclusion did you draw from the document that makes it interesting/relevant?

Give me some clue as to why it's worthwhile to visit an external site and download and read a PDF document of unknown content and length.

9
6
Silver badge

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

"What in your estimation makes it interesting? How does it relate to the article at hand? What conclusion did you draw from the document that makes it interesting/relevant?"

Well, it's a report by the ICO on how effective ICO fines are, so it sounds like it should be relevant. As it turns out... not so much. The impact of penalties was assessed by interviewing a few organisations who had been fined. Amazingly, they all say that they've totally become more proactive in addressing their information rights obligations. No effort appears to have been made to find out if that's actually true. In addition, out of 14 organisations interviewed, only three were private companies with the rest all being government related bodies of some sort (councils, police, etc.). No mention is made of how big those three companies were.

So the conclusion is that a local council that reports itself to the ICO for a data breach will tell you that a fine made it take data security more seriously. Any impact from fining Facebook some pocket change isn't really considered at all.

4
0
Silver badge

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

"Well, it's a report by the ICO on how effective ICO fines are, so it sounds like it should be relevant. As it turns out... not so much. The impact of penalties was assessed by interviewing a few organisations who had been fined. Amazingly, they all say that they've totally become more proactive in addressing their information rights obligations."

They probably received a discount against the fine for taking part in the survey and giving suitable answers.

0
0
Silver badge

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

"Give me some clue as to why it's worthwhile to visit an external site and download and read a PDF document of unknown content and length."

To find out what's in it. Or would you prefer to rely on someone you don't know and whose abilities you don't know understanding not only the report but also its significance to your particular situation - which they don't know. The latter doesn't really seem like a good way to keep yourself informed if it's your standard practice.

1
0
Silver badge

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

> To find out what's in it. Or would you prefer to rely on someone you don't know and whose abilities you don't know understanding not only the report but also its significance to your particular situation - which they don't know.

Wait a minute, so some random has linked a random document to a story, with no topical comment, no indication what it's about and you say I should read it to see if it's relevant?

Is the document porn?

Or a treatise on the way to skin a cat?

Or a dissertation on the speed of an unladen swallow?

An intelligent design essay?

Cock pics?

Why Scientology is good for you and why you should join?

Do you read every random document everyone links in comments without knowing what the topic of the document is at least?

How about "Here's a report from the ICO on the impact of paying fines that seems to indicate that the fines do/don't have usefulness". At least then I'd have a clue what the linked document was (allegedly) about and then I can decide if I'm interested enough in that particular topic to open it and read it.

0
0
Silver badge

Re: Review of the impact of ICO Civil Monetary Penalties - 20140723

"Wait a minute, so some random has linked a random document to a story, with no topical comment, no indication what it's about and you say I should read it to see if it's relevant?"

No indication of what it's about? It's a document entitled "Review of the impact of ICO Civil Monetary Penalties", hosted at the ICO's own site, posted in response to an article about ICO civil monetary penalties and which comments how ineffective they are likely to be. While I can sympathise with your sentiment in response to people posting random links with no comment, in this case it really doesn't take a genius to figure out what the linked document might be about and how it might be relevant.

2
0
Silver badge

ethical pause

Isn't that what we've been in for several decades now?

11
1
Silver badge

Re: ethical pause

Last couple of millennia at least, near as I can tell. The invention of the corporation has even accelerated if anything.

9
0

Surely this isn't fair on them

Now I'm not one to stand up for Facebook, but I do believe that old saying that I was always taught about the ol' information superhighway (yes, I'd love to bring that back lol) where common knowledge was 'if the service is free, you are the product.'

These moaning kids don't seem to understand that they signed up for this, hell they even agreed to it in the terms and conditions, even if those were something along the lines of the Big Zucker-B owning their souls for all eternity, and they still sucked it up and uploaded all of their data to Him without thought.

Then someone came along and said "omg, they SOLD the data we gave them for FREE! All I got was a communications system and an infinite photo upload depository. For free."

I know I'm doing the same for Apple simply by owning a product, and by Google (by its own definition of flogging me for ads every second of every day), but FFS what did people really expect? They'd hold on to all of their photos and thoughts for free, and they're going to continue to do so without making a penny from them? COME ON! If you're really that stupid you probably deserve to vote for christmas because an advert on Facebook told you to. Gobble gobble.

All hail the hypnotoad!

Disclaimer: I have no social media accounts (apart from enforced SSO test accounts at work) and never have done. My voting data is even more safe as it's either Labour or bust, and as I'm in the North it's normally bust. As me old pa said "they're all bastards anyway, just get on with it yourself".

7
16
Anonymous Coward

Re: Surely this isn't fair on them

People in general are stupid, ignorant and lazy. But that doesn't mean they should be exploited.

32
0
Anonymous Coward

Re: Surely this isn't fair on them

... unless the law says they can. Or unless you make the law. Ethicks and morals? Yeah, we've heard of such things.

4
0

Re: Surely this isn't fair on them

It might be a free service but that does not give the company providing that service the right to break the law.

The law sets out everybody's expectations, it's a standard from which everybody works and complies. The public knows what their rights are and the suppliers of services know what they have to provide.

It's completely inappropriate then to say "There is a legal standard which you must follow, but if you're providing a free service, you can totally ignore it". How do customers know what their rights are if the providers of free services are given complete carte blanche to ignore the standard and do whatever they want?

1
0
Silver badge
Alert

Cardinal Fang!

Fetch...THE COMFY CHAIR!

[JARRING CHORD].

17
0
Meh

Ouch... that must have hurt

Actually, Mark lost more in his own time, plane tickets, hotel rooms, plus the hefty bill his attorneys' buffet certainly sent him.

8
0
Anonymous Coward

Re: Ouch... that must have hurt

Though, of course, we have it on record that Mark would be uncomfortable telling us which hotel he stayed at.

10
0
Silver badge

Re: Ouch... that must have hurt

Surely it's an unnoticeable sum to Facebook, but unfortunately ICO can't fine them more, that's the limit prescribed by law. Surely law needs to allow setting of fines on a 'per user' basis. eg £1k / user. You're careless with 1 million user profiles, you're on the hook for a billion quid.

6
0
Silver badge

Re: Ouch... that must have hurt

GDPR allows for much bigger fines.

2
0
Silver badge
Trollface

Re: Ouch... that must have hurt

good luck collecting those "larger fines" GDPR allows for. once the legal sidestepping starts, nobody will be responsible.

0
0

While the fine in itself is of no consequence to Facebook this may still come back to bite them down the line: I'd imagine a legal argument against, say, Facebook like / share buttons all over the place would be bolstered by pointing out repeated prior violations.

4
0
Silver badge
Devil

"to reflect on their responsibilities in the era of big data"

That comes after those companies' responsibilities towards Big Money, especially when it's their own.

2
0
Silver badge

Something missing

Yes, these scumbag companies (The BBC report lists others) and their disturbing lack of ethics deserve to be held to account, but what about the political results of these activities? There appears to be complete silence about that. Is it simply that all political colours were up to their necks in this, so politics over the last 10 years was all about a financial arms race, or do we simply not have the leadership to draw any societal conclusions from these scummy activities?

6
0
Silver badge

Re: Something missing

Politicians are exactly the same as these big corporates, they want to gain as much information about us as possible to sell us their product (socialist utopia, free market nirvana - both are impossible BS).

The further away from regular interaction with ordinary people they get, the more sociopathic they become.

6
1
Silver badge
Headmaster

Income Vs Profit

a net income of $5bn in its latest quarter, making that £500,000 about 18 minutes of quarterly profit

Income does not equal profit. You can have a huge income and still not turn a profit.

3
3
Silver badge

Re: Income Vs Profit

>>Income does not equal profit<<

Very true, but in these companies it's a lot closer than any manufacturing outfit.

7
0
Bronze badge

Re: Income Vs Profit

"You can have a huge income and still not turn a profit."

Often deliberately in this sector.

7
0
Silver badge
Headmaster

Re: Income Vs Profit

Net income is synonymous with profit before tax(es). If they'd used revenue then you'd be correct with your pedantry.

8
0

Re: Income Vs Profit

That is true, but under the Data Protection Act £500,000 is the most they can fine.

Under GDPR, fines can be much larger, and in Facebook's case, because their turnover is so high, the maximum fine would be $1.6 billion dollars.

1
0

Biting the hand that feeds IT © 1998–2018