Britain’s information watchdog has asked Facebook’s lead European regulator to investigate how the company targets, monitors and shows adverts to users, saying it was concerned about some practices at the world’s biggest social network.
Britain’s Information Commissioner has been investigating the use of data analytics to influence politics after consultancy Cambridge Analytica obtained the personal data of 87 million Facebook users from a researcher.
The British watchdog said on Tuesday as part of that inquiry it had also found broader issues at Facebook, which it had referred to Ireland’s data regulator, the lead supervisor for the social network in the European Union.
A spokeswoman for the British watchdog said it had been made aware of fake political adverts on the network.
Facebook said it looked forward to discussing the matter. “We regularly engage with regulators regarding our advertising tools, which we believe fully comply with EU data protection laws,” a spokeswoman said.
Ireland’s Data Protection Commission (DPC) said it would assess the information and decide what steps were required.
Under the EU’s Global Data Protection Regulation (GDPR), a firm found to have broken data processing and handling rules can be fined up to 4 percent of their global revenue of the prior financial year, or €20 million, whichever is higher. Facebook had total revenue in 2017 amounting to €47 million.
The Cambridge Analytica scandal exposed the role that personal data plays both for marketers and political groups in the internet age.
The political consultancy was able to harvest the data of 87 million people after a researcher created an app that was downloaded by 270,000 people, providing access not only to their own but also their friends’ personal data.
Cambridge Analytica worked on Donald Trump’s U.S. presidential campaign in 2016.
“Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced,” Britain’s Information Commissioner Elizabeth Denham said in a report to lawmakers published on Tuesday.
“We have uncovered a disturbing disregard for voters’ personal privacy,” Denham said. “Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”
The Commissioner has also launched audits into the role of credit reference agencies such as Experian and sent assessment notices to data brokers including Acxiom as it seeks to understand the market for buying and selling personal data.
Acxiom said in a statement that it would cooperate fully with the Information Commissioner and that in Britain it does not host, offer or process any “special category” data, as defined by the GDPR, that includes political data.
“Staff must undertake yearly training and exams and as part of ensuring compliance with applicable data protection law, Acxiom underwent and passed an independent data protection audit by the Direct Marketing Association in May this year,” it said.
The GDPR was brought in by the EU in May to protect personal information and has forced the different online players to make sure they have permission from users to handle their data.
The British Commissioner has already slapped the highest possible fine of £500,000 (€570,000) on Facebook for the misuse of data, but said on Tuesday it was referring other outstanding issues to Ireland.
“We have referred our ongoing concerns about Facebook’s targeting functions and techniques that are used to monitor individuals’ browsing habits, interactions and behaviour across the internet and different devices to the to the Irish Data Protection Commission,” the British watchdog said.
The BBC in October reported that a fake political advert had been posted to Facebook. Facebook had said earlier in October that advertisers that mentioned political figures, material or parties would be obliged to provide evidence of their identity and location and state on Facebook who was paying for the ad.
Facebook has also sought to give users more control over their privacy by making data management easier.
Credit data company Experian said it was aware of the UK watchdog’s concerns.
“As a highly regulated business, we work closely with regulators and strictly comply with data protection laws in all of the countries that we operate in, and we remain vigilant when it comes to data security and integrity,” it said in a statement.