
Read the official statement from the ICO here. |
In 2017 ICO launched a formal investigation of the growing misuse of personal data in the context of political campaigns, after which in 2018, ICO fined Facebook for sum of GBP 500,000 for “suspected failings related to compliance with the UK data protection principles covering lawful processing of data and data security.” Facebook then appealed the decision before First Tier Tribunal, whose decision the ICO then appealed. Announced on 30 October 2019, the two parties have reached an agreement, with Facebook paying the fine but not admitting its liability.
The ongoing ICO investigation launched in May 2017 into the misuse of personal data in political campaigns looks at what the Authority defined as “invisible processing”, e.g. profiling, analysis, data matching and algorithms and analysis of the personal information of individuals insofar as such techniques affect the democratic process. The ICO noted that with respect to this issue, “the case for a high standard of transparency is very strong.” The investigation covered 30 organizations including Facebook and interestingly goes beyond the mere scope of enforcement, also aiming to improve transparency for citizens with respect to how their data are processed and allowing them to vote in a fair and uninfluenced manner. Recital 39 GDPR states that, “The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. That principle concerns, in particular, information to the data subjects on the identity of the controller and the purposes of the processing and further information to ensure fair and transparent processing in respect of the natural persons concerned and their right to obtain confirmation and communication of personal data concerning them which are being processed.” Transparency is intrinsically linked to fairness, and organizations, regardless of their scope or size, should always try to be transparent with respect to how and why they use certain personal data in order to ensure that fundamental rights are protected.
CONNECT