Italian data protector makes Facebook an offer it might want to refuse: A €1m fine for Cambridge Analytica data leak

Claims more than 200k Italians had data harvested after just 57 downloaded app

The Italian data protection regulator has fined Facebook a cool €1m for alleged privacy offences connected to the Cambridge Analytica scandal.

The regulator, Il Garante per la protezione dei dati, found that Facebook, via the This Is Your Digital Life app, accessed data from over 200,000 Italian citizens without their consent. The app was actually downloaded by only 57 people but it then accessed their friends and contacts to extend its reach.

So in total 214,077 Italians had their data accessed without their consent being sought or granted. Facebook opted to pay a reduced fine of €52,000 for that offence. But the regulator chose to seek an additional fine because the data breach was so large.

The fine was imposed under Italy’s old privacy laws – not the European-wide General Data Protection Regulation, which allows fines of up to 4 per cent of a company’s global turnover.

In its investigation in February, the regulator found that Facebook used a piece of software called Candidati to send users information relating to candidates standing in their constituency. Facebook said it did not keep information on how people voted but retained log files and extracted unspecified “aggregate matrixes [sic]” from the files. This was not mentioned in Facebook’s Ts&Cs.

UK regulator the Information Commissioner’s Office was similarly limited by the old regulations when it fined Facebook £500,000 for Cambridge Analytica-related offences last year – the maximum amount pre-GDPR.

The commission said the social media network had broken two of the UK’s legally binding data protection principles by allowing Cambridge academic Aleksandr Kogan to harvest 87 million Facebook users’ personal data through an app disguised as an innocent online quiz.

Facebook told The Reg: “We have said before that we wish we had done more to investigate claims about Cambridge Analytica in 2015. However, evidence indicates that no Italian user data was shared with Cambridge Analytica. Dr Kogan only shared data with Cambridge Analytica in relation to US users.

“We made major changes to our platform back then and have also significantly restricted the information which app developers can access.

“We will review the Garante’s decision and will continue to engage constructively with their concerns.”

The Italian data watchdog’s announcement is available here. ®
