Facebook has been issued with a £500,000 ($645,155) fine by the UK Information Commissioner's Office (ICO) for its role in the Cambridge Analytica scandal, the maximum fine the office can enforce. Had the scandal taken place after new European Union data protection rules went into effect this year, the amount would have been far higher - including maximum fines of £17 million or 4 per cent of global revenue, whichever is higher.
The ICO said a subset of the data was later shared with other organisations, including SCL Group, the parent company of political consultancy Cambridge Analytica, which counted US President Donald Trump's 2016 election campaign among its clients.
Facebook has been stung with the maximum possible fine by Britain's privacy watchdog for the Cambridge Analytica scandal.
Mark Zuckerberg, Facebook's CEO and chairman. For context, Facebook's overall revenue was $40 billion (£31 billion) past year according to Statista.
Even after the breach was discovered in 2015, the ICO said Facebook did not take sufficient action to ensure those who held the data deleted it.
"We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation", Denham added.
The social media giant's annual revenue in 2017 was almost $40 billion, which would have meant a possible fine of $1.6 billion under the GDPR rules.
The agency said in its penalty notice that data from at least 1 million British users was "unfairly processed" and that Facebook "failed to take appropriate technical and organisational measures" against that happening.
"Our work is continuing", Denham said. "There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based".
About the United Kingdom fine, Facebook responded in a statement that it is reviewing the decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015. "We are grateful that the ICO has acknowledged our full cooperation throughout their investigation".
Facebook broke the law by failing to safeguard people's data and not being transparent about how that data could be harvested, the investigation found.