Commentary

Facebook Becomes The First Company To Receive A Maximum ICO Fine

There is a lot of talk about Facebook and the proposed ICO fine today -- mostly focused on the feeling Sky News summed up in its headline of a company worth $445bn being potentially fined GBP500k for a data breach.

The two sums really do not compare well -- not when you consider that Facebook oversaw a "privacy" regime in which Cambridge Analytica was able to glean the personal information of millions of the social platform's users from their friends playing a psychoanalysis test. It also failed to ensure that the associated data was deleted after such a practice was deemed wrong, the ICO continues.

Apparently, it wasn't. The regime was rotten and so was its promise to make good.

Here's the rub. The ICO is very fond of its ability to say that it will always try to talk to companies and do all it can to avoid fines. Hence, charities that have been profiling people's data without their knowledge and giving too little regard to consumers' wishes on communications were recently let off with a small fine and a lecture. 

The ICO's favourite line that it has never used its maximum powers, however, can now no longer be used. It has now pushed up the anger level. A GBP500k fine levied at Facebook is the absolute maximum the watchdog can go to under the previous rules of the Data Protection Act. The social giant has the right to respond, and so a final outcome is not expected until October.

However, it is difficult to see how Facebook can agree that it slipped up and abused its users' trust, while at the same time saying that confession doesn't mean it deserves the appropriate fine reserved for companies that are not transparent and have been shown to not ensure that data has been deleted, despite their assurances.

The real story here is that the data watchdog has given up on Facebook -- and it now has the power to fine it 4% of annual global turnover. In other words, we are now talking about a fine in the hundreds of millions, not a few hundred thousand pounds. 

What Facebook must now be very concerned about is whether it handled GDPR properly. Its acceptance of this -- or approach to permissioning -- struck me and many others as a little forced, but I suspect it will scrape through. Investigations are currently underway across the EU into this, so we'll have to wait and see.

What is guaranteed is that Facebook cannot allow another Cambridge Analytica to happen. It has had its final warning and it will be fined under a previous, more lenient law. If it does not mend its ways, we will see an eye-watering fine thrown at it.

So now to the level of the fine. Rather than complain about the low level, I think it should be positioned as the ICO using its full fining powers for the first time, after years of holding back. For me, that tells the story a lot more accurately than calling out the apparent low level of that fine. The data watchdog had its hands tied. It has fined Facebook as much as it possibly can and served a warning that far higher levies are around the corner if it doesn't mend its ways. 

The UK's data watchdog has never before exercised its full fining power but today, for Facebook, it is making an exception.
