Facebook Scandal Is a `Game Changer’ for Data Privacy Regulation

Photographer: Luke MacGregor/Bloomberg

• U.K. privacy chief speaks about new rules coming into force

• ICO is leading the European probe into Cambridge Analytica


Revelations that data belonging to as many as 87 million Facebook Inc. users and their friends may have been misused became a game changer in the world of data protection as regulators seek to raise awareness about how to secure information.Elizabeth Denham, the U.K. privacy regulator leading the European investigations into how user data ended up in the hands of consulting firm Cambridge Analytica, said in a speech Monday that the technology industry and regulators must improve the public’s trust and confidence in how their private information is handled.

Elizabeth Denham Source: Information Commissioner’s Office

“The dramatic revelations of the last few weeks can be seen as a game changer in data protection,” Denham, the U.K. Information Commissioner, said at her agency’s annual conference for data-protection practitioners. “Suddenly everyone is paying attention. The media, the public, parliament, the whole darn planet it seems.”

Denham’s agency is combing through evidence it gathered at the offices of Cambridge Analytica during searches last month following reports that the political consulting firm had obtained swathes of data from a researcher who transferred the data without Facebook’s permission. Denham has said that Facebook has been cooperating with her probe, though it’s too soon to say whether the social network’s planned changes will be enough.

The ICO has been reviewing the use of data analytics for political purposes since May 2017 and is now investigating 30 organizations, including Facebook, Denham said.

“Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent,” she said. “Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.”

The remarks come ahead of a meeting of the EU’s 28 data watchdogs in Brussels to discuss the issue and a call between Facebook Chief Operating Officer Sheryl Sandberg and the bloc’s Justice Commissioner Vera Jourova.



Starting next month, EU privacy regulators will get the power for the first time to fine companies as much as 4 percent of global annual sales under powerful new data-protection rules. The ICO’s Denham said she has no intention of changing her office’s “proportionate and pragmatic approach” after that date and “hefty fines will be reserved for those organizations that persistently, deliberately or negligently flout the law.”

Facebook Chief Executive Officer Mark Zuckerberg on Tuesday and Wednesday will testify before congressional panels in the U.S. investigating the mishandling of its data and other revelations about the social-media giant. Lawmakers and regulators in Europe are also seeking answers to questions about how the data of as many as 2.7 million people in the European Union could have ended up in the hands of a consulting firm that worked on Donald Trump’s U.S. presidential campaign.

Italy’s privacy watchdog will meet April 24 with Stephen Deadman, Facebook’s deputy chief global privacy officer, as part of a local investigation into the scandal. Two days later, Facebook will send its Chief Technology Officer Mike Schroepfer to answer questions from a U.K. parliament committee investigating the impact of social media on recent elections.

Denham’s office on Monday launched a public awareness campaign, called Your Data Matters, which seeks to restore people’s trust in how data is treated.

“The proper use of personal data can achieve remarkable things,” said Denham. “Now, more than ever, the role of data protection practitioner is not just as a guardian of privacy but as an ambassador for the appropriate use of personal data in line with the law.”