020 7650 1200

Facebook could face legal claims from a million UK users following Information Commissioner's data breach fine

Data protection lawyer says those affected may claim compensation totalling many millions of pounds

Posted on 25 October 2018

The Information Commissioner’s Office (ICO) today announced that it has fined Facebook the maximum penalty of £500,000 for serious data breaches in respect of an app that harvested the data of 87 million users worldwide, including at least 1 million in the UK.
A leading data protection lawyer has said that Facebook could now face legal claims from affected UK users for many millions of pounds in compensation.
Sean Humber, a data protection lawyer at Leigh Day said that those affected have good claims for compensation against Facebook for breach of the Data Protection Act and called for Facebook to set up a compensation fund for the millions affected or face legal action in the High Court from those whose data was misused.
The data breaches concerned a third party app called thisisyourdigitallife which harvested the data of Facebook users who signed up to it, their Facebook friends, and those who exchanged Facebook messages with a user of the app. The data harvested included users’ Facebook profiles, birthdates, current city, photos in which they were tagged, pages liked, posts, friends’ lists, email addresses and Facebook messages. 
The operators of the app, Global Science Research Ltd (GSR) and Dr Aleksandr Kogan collected the data and then shared some of it with Cambridge Analytica and other companies.
The ICO found that at least some of the data shared with the companies is likely to have been used in connection with political campaigning, albeit Facebook says that is only the case for US users. The ICO said it had not been able to determine whether UK users’ data had been used in political campaigning, but noted that at the least it was put at serious risk of being used for political campaigning. 
The ICO found Facebook guilty of breaches of data protection law, including:
  • Unfairly processing users’ data by permitting the App to collect the personal data of friends of users of the app, without them being informed that such data was being collected and without being asked for consent
  • Failing to provide adequate information to users that extensive information could be collected about them by an app as a result of other users choosing to use that app.
  • Taking no steps, or no adequate steps, to guard against the unauthorised and unlawful processing of GSR and Dr Kogan
The ICO considered the breaches to be of a kind likely to cause “substantial distress” to affected users.
Sean Humber said: “The ICO’s decision to fine Facebook the absolute maximum amount possible for breaches of data protection law confirms the seriousness of their failings. Users had a right to expect Facebook to operate in a transparent way and keep their personal information safe.
“This clearly did not happen and those affected are now entitled to know exactly what has happened to their personal information as well as receive compensation for this misuse. Facebook could easily be facing a bill running into the many of millions of pounds.”
If you are a UK Facebook user and have received a message from Facebook saying that your personal information may have been misused and wish to receive more information about bringing a claim for compensation then please complete this form.