The Information Commissioner’s Office announced Thursday that it is investigating as many as thirty organisations, including Facebook, relating to the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.
The privacy watchdog also said that its investigation into the Cambridge Analytica scandal “could result in enforcement action” and that it would recommend certain public policies to regulate how personal data is used online and what can be done to control such usage.
Winning the trust of citizens
“The ICO is looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning.
“Facebook has been co-operating with us and, while I am pleased with the changes they are making, it is too early to say whether they are sufficient under the law,” said Information Commissioner Elizabeth Denham.
“This is an important time for privacy rights. Transparency and accountability must be considered, otherwise it will be impossible to rebuild trust in the way that personal information is obtained, used and shared online.
“This is why, besides my investigation, which could result in enforcement action, I will also be making clear public policy recommendations to help us understand how our personal data is used online and what we can do to control how it’s used,” she added.
Back in March, after obtaining a warrant to carry out a search of Cambridge Analytica’s office in London, the ICO had announced that it intended to “collect, assess and consider” all available evidence before coming to any conclusions regarding the unauthorised use of personal data by the data analytics firm to aid political campaigns.
“A full understanding of the facts, data flows and data uses is imperative for my ongoing investigation. This includes any new information, statements or evidence that have come to light in recent days. Our investigation into the use of personal data for political campaigns, includes the acquisition and use of Facebook data by SCL, Doctor Kogan, and Cambridge Analytica.
“This is a complex and far reaching investigation for my office and any criminal or civil enforcement actions arising from it will be pursued vigorously,” Denham had announced.
Consistent fight against privacy abuse
This isn’t the first time that the Information Commissioner’s Office has exercised its powers to prevent the misuse of personal data by social media firms based abroad. Two years ago, Facebook was forced to pause plans to share data from WhatsApp in the UK after the ICO intervened. Facebook had announced that it would harvest data from its messaging app and share it with its social network for advertising and product improvement purposes.
“I had concerns that consumers weren’t being properly protected, and it’s fair to say the enquiries my team have made haven’t changed that view,” information commissioner Elizabeth Denham wrote in a blog post.
“I don’t think users have been given enough information about what Facebook plans to do with their information, and I don’t think WhatsApp has got valid consent from users to share the information. I also believe users should be given ongoing control over how their information is used, not just a 30-day window.”
Later that year, the ICO also launched a massive crackdown on more than 400 companies in the UK who, it believed, were using people’s personal details to promote gambling websites. It ordered all these companies to explain how they used personal data and sent marketing texts, including where they obtained the details and how many texts they sent.
“Companies must comply with the law when using people’s personal information. Not knowing the law or trying to pass the buck to another company in the chain is no excuse,” said David Clancy, the ICO’s anti-spam investigations manager.
“The public expect firms to be accountable for how they obtain and use personal data when marketing by phone, email or text. Fail to be accountable and you could be breaking the law, risking ICO enforcement action and the future of your business.”