The Information Commissioner’s Office (ICO) is set to levy the maximum fine under the old data protection regime against Facebook for failings linked to the Cambridge Analytica scandal.
The privacy regulator issued a new report on Wednesday detailing its wide-ranging investigation into the use of data analytics for political campaigning.
It claimed to have issued a Notice of Intent to the social network for a monetary penalty of £500,000 “for lack of transparency and security issues relating to the harvesting of data constituting breaches of the first and seventh data protection principles under the Data Protection Act 1998.”
Facebook has time to appeal later this month.
The ICO is also investigating data protection irregularities between Leave.eu and Aaron Banks’ Eldon Insurance company, the relationship between the Cambridge Analytica-linked AggregateIQ and leave campaigns, the role of data brokers in political campaigns, and more.
The regulator has sent warning letters to all 11 political parties with MPs in the Commons that they will be audited later this year.
“We have concluded that there are risks in relation to the processing of personal data by many political parties,” it said. “Particular concerns include: the purchasing of marketing lists and lifestyle information from data brokers without sufficient due diligence, a lack of fair processing, and use of third party data analytics companies with insufficient checks around consent.”
A separate ICO report on the policy implications of its findings called for an “ethical pause” in digital political campaigning to allow key stakeholders to “reflect on their responsibilities” when using personal data to target voters.
It called on all third-party platforms to urgently roll out transparency features related to political advertising and said it would work closely with the government to draw up a new statutory code of practice in line with the GDPR/DPA18 to regulate the use of personal data in political campaigns.