Facebook fined a paltry £500,000 (8 minutes’ revenue) over Cambridge Analytica scandal

Under GDPR rules the fine could have been as high as £1.2 billion.

Facebook fined a paltry £500,000 (8 minutes' revenue) over Cambridge Analytica scandal

The UK’s Information Commissioner’s Office (ICO) has announced that Facebook will be fined £500,000 – the maximum amount possible – for two breaches of the Data Protection Act 1998 in connection with the Cambridge Analytica scandal.

You’ll remember that Cambridge Analytica burst onto the front pages of the newspapers after it emerged that an app had harvested the profiles of 87 million Facebook users.

According to the ICO, Facebook broke the law by failing to safeguard people’s information, and also failed to be transparent about how users’ data could be harvested by others.

Sign up to our free newsletter.
Security news, advice, and tips.

In a tweet, journalist Charles Arthur pointed out that the £500,000 was not going to worry Facebook one jot, as it amounted to less than ten minutes’ worth of revenue for the company.

£500,000 to Facebook isn’t even a mosquito bite. It’s barely a drop in the ocean. If Facebook had been fined under Europe’s new GDPR rules the maximum penalty could have been as much as £1.2 billion.

Even £1.2 billion would only amount (and I’m taking Charles’s word for this, as my maths is rubbish) to around 14.5 days’ revenue for the internet giant.

The ICO’s £500,000 fine for Facebook comes as part of a broader investigation into whether personal data was misused by campaigns on both sides of UK’s Brexit referendum, and includes political parties, data analytics parties, as well as social media platforms.

Whistleblower Christopher Wylie didn’t mince his words.

Now feels like an appropriate juncture to point you towards the “Smashing Security” podcast about how to quit Facebook.

Smashing Security #75: 'Quitting Facebook'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

For much more information and background on the controversy surrounding Facebook and Cambridge Analytica, read the following articles:

Further reading: Cambridge Analytica controversy: Was there a Facebook data breach?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.