The UK’s data protection watchdog on Thursday levied the maximum fine it could against Facebook for the company’s failure to protect the personal information of its users in the Cambridge Analytica scandal.
The Information Commissioner’s Office (ICO) slapped Facebook with a fine of £500,000 (approximately $645,000), but said in a press statement that the fine would have been “significantly higher” under the European Union’s new GDPR rules, which came into force in May and allow countries in the EU to fine companies that mishandle users’ personal data up to 4% of their global revenues.
Facebook will have little trouble footing the bill: The company made revenues of $13.2 billion in the last quarter.
Facebook did not immediately respond to BuzzFeed News’ request for comment.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, the UK’s information commissioner. “A company of its size and expertise should have known better and it should have done better.”
The ICO’s statement said that Facebook had failed to make suitable checks on apps and developers using its platform.
“These failings meant one developer, Dr. Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge,” it said, adding that a subset of this data was later shared with other groups including Cambridge Analytica, the British political consultancy that played a key role in President Trump’s 2016 election campaign as well as pro-Brexit campaigns in the UK.