Facebook has been fined £500,000 ($664,000) in the U.K. after the country’s data protection watchdog concluded that its data-sharing scandal broke the law, making it as the social network’s first fine over the Cambridge Analytica scandal.
Yes, £500,000—that’s the maximum fine allowed by the UK’s Data Protection Act 1998, and equals to what Facebook earns every 8 minutes.
Facebook has been under scrutiny since earlier this year when it was revealed that personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica, who reportedly helped Donald Trump win the US presidency in 2016.
According to the social media giant, a Cambridge University lecturer named Aleksandr Kogan collected the users’ data legitimately through a quiz app but then violated its terms by sharing the data with Cambridge Analytica, which was then hired by the Trump presidential campaign.
The UK’s Information Commissioner’s Office (ICO), who launched an investigation the Cambridge Analytica scandal in March, said that Facebook failed to prevent users’ data from falling into the hands of Cambridge Analytica.
It also found that the social network giant failed to be transparent about how personal information of its users was being harvested by others, violating the country’s Data Protection Act, the ICO said.
“A significant finding of the ICO investigation is the conclusion that Facebook has not been sufficiently transparent to enable users to understand how and why they might be targeted by a political party or campaign,” ICO said in a detailed report released Wednesday.
However, Facebook still has a chance to respond to the ICO’s Notice of Intent before a final decision on the £500,000 fine is made.
“Their representations are due later this month, and we have taken no final view on the merits of the case at this time. We will consider carefully any representations Facebook may wish to make before finalising our views,” according to an ICO update on the investigation published today by Information Commissioner Elizabeth Denham.
Due to the timing of the scandal, the ICO fine has been imposed under an old UK law, which has now been replaced by the new EU’s General Data Protection Regulation.
Under GDPR, a company could face a maximum fine of 20 million euros or 4% of its annual global revenue, whichever is higher, for such a privacy breach.
Facebook said the social media would respond to the ICO report “soon.”
“We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries […] We’re reviewing the report and will respond to the ICO soon,” Facebook’s chief privacy officer, Erin Egan, said in a statement.
The ICO is also considering bringing a criminal action against Cambridge Analytica’s defunct parent company SCL Elections and penalizing Cambridge Analytica ex-CEO Alexander Nix, and Aleksandr Kogan as well.
Besides the UK data protection watchdog, Facebook is also facing a probe by the U.S. Federal Trade Commission (FTC), which could also result in a substantial fine.