Facebook and Cambridge Analytica: A warning to all

Published on: 22/03/2018

#Data Protection

The news surrounding Facebook and Cambridge Analytica sends a clear warning to organisations holding and processing personal data - tighten up your data processing and let individuals know what you will be doing with their data!

While the investigations of any wrongdoing by Facebook are ongoing, Facebook founder Mark Zuckerberg has already admitted that there has been a “breach of trust”.

The news could not be more timely. In the EU (including the UK), the General Data Protection Regulation is coming into effect on 25 May 2018. Amongst the changes are increased fines for data breaches (which, for some breaches, could be up to 4% of annual worldwide turnover or €20 million, whichever is higher) and the requirement for transparency on processing data. Put into context, based on Facebook’s reported turnover in 2017, 4% of global turnover equates to approximately $1.63 billion.

The allegations surrounding Facebook relate to a personality quiz offered on the platform in 2014. The data from the responses (for around 50 million users) was then allegedly sold to Cambridge Analytica and used by political clients. Current allegations include that such data was used in the 2016 US presidential election campaign.    

While the investigations have only just begun, the impact can already be seen, with the scandal reportedly wiping around $37 billion off the value of the business and some advertisers threatening to withdraw advertising. While Facebook says that it will change how it shares data with third party apps in the future, the damage has already been done.

While many organisations may think that such scandals will never affect them, given the need under the GDPR for data controllers to be transparent on their uses of personal data, all organisations need to be considering their position. Setting out the uses of personal data under a privacy notice will enable controllers to set out what they will do with individuals’ personal data. Abiding by this notice should then restrict the use of the data to confined boundaries and avoid any such negative press.

If you need any help compiling a privacy notice, or need to discuss the upcoming changes under the GDPR, please contact us at contact@clarkslegal.com

Clarkslegal
contact@employmentbuddy.com +44 (0) 118 958 5321

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking professional and legal advice. Please refer to the full General Notices on our website.

Related HR Articles

27 Jan 20

Subject Access Request Compliance Update

Despite the consultation period for their draft Right of Access Guidance remaining open until the 12th February, the Information Commissioner’s Office (the “ICO”) has amended its published guidance on the timescales for Data Subject Access Request (“DSAR”) compliance.

15 Dec 17

Employers could be liable for data breaches by rogue employees
In 2014 an employee of Morrisons supermarkets posted payroll information (including names, addresses, bank accounts and salaries) of 99,988 colleagues online and sent the same to newspapers. Mr Skelton had the right to access this information and had taken the data to get revenge on the firm after disciplinary action. Given the scale and nature of the information, he was subsequently jailed for eight years.

04 Jan 23

UK Data Protection: Development round-up 2022 and 2023 trends

There have been many factors at play which have shaped this year’s developments in data protection, in particular stemming from Brexit, Covid-19 pandemic, inflation and the war in Ukraine. We review the key developments of 2022 and what you should look out for in the New Year.
More HR Articles