The Cambridge Analytica Facebook affair may embolden the authorities to aggressively enforce the GDPR as the public wakes up to the importance of data privacy.22 Mar 2018
The recent Cambridge Analytica scandal has hit news headlines worldwide and placed both Cambridge Analytica and Facebook in the spotlight for all the wrong reasons. The story has brought privacy and data protection to the attention of millions and will, no doubt, have increased awareness of how their data is used by businesses.
Under the current UK law, to the extent that UK citizens have been affected by this data misuse, the ICO is only able to levy fines of up to £500,000. After 25th May this year, when the General Data Protection Regulation (GDPR) takes effect, these maximum fines will be increased to the higher of 4% of global group turnover or €20,000,000. We expect this type of covert and unexpected use of personal data will attract the highest level of fines under the new regime.
Once the GDPR takes effect, processors (which would usually include Facebook) will have direct responsibilities in respect of the data they process and could also receive large fines for breaches of such responsibilities.
Currently this responsibility would be borne solely by the data controller. As such, this should serve as a prompt to marketing and intelligence agencies and similar businesses to collect, use and share their data in accordance with data protection laws to ensure they are not potentially responsible for such large fines.
This is particularly so as individuals will now be increasingly concerned as to how their data is being used (online and offline) and will wish to seize control over this. Businesses should take this opportunity to show dedication to protecting and using their customers’ personal data adequately in order to positively develop their reputation.
If you would like any advice in respect of the GDPR, please contact us.