Facebook Scandal Not Isolated Case, U.K. Privacy Chief Warns

(Bloomberg) -- Facebook Inc.’s privacy missteps could be mirrored across other online platforms, according to a warning to European Union lawmakers from the head of the British data-protection watchdog leading a probe into the Cambridge Analytica scandal.

Asked by members of the European Parliament if what happened was an isolated case, Elizabeth Denham, who is spearheading the investigations, said it wasn’t.

“I think there is a lack of transparency for users across many platforms” not just Facebook, the U.K.’s Information Commissioner, told the civil liberties committee of the EU institution in Brussels on Monday evening.

The hearing was the first in a series of detailed events planned by lawmakers to dig deeper into how information concerning as many as 87 million people -- including about 2.7 million European users -- ended up in the hands of Cambridge Analytica, the consulting firm that worked on Donald Trump’s U.S. presidential campaign.

It came less than two weeks after Facebook founder Mark Zuckerberg was accused of dodging questions from key members of the European Parliament over the issue. The company on Monday posted its second batch of answers to 14 of the questions still outstanding.

Enforcement

The EU’s new privacy law known as the General Data Protection Rules, or GDPR, which took effect on May 25, will be a first step toward safeguarding people, said Denham. “What really matters now is the enforcement of the law, so it’s the activities that data-protection authorities are willing to do, it’s the sanctions that we look at, it’s the users and citizens who understand their rights.”

Privacy regulators across Europe will now have equal rights and responsibilities, and the same powers to mete out fines of as much as 4 percent of worldwide annual sales for serious violations.

While Denham said regulators like hers will be “proportionate” in how they will apply the sanctions, new tools under the GDPR might be even more effective than penalties.

Deleted Algorithms

“Under the GDPR’s new tools, we’ll be able to use enforcement notices to require companies to delete algorithms or stop processing,” said Denham. “And I think orders to stop processing are going to be as powerful, if not more powerful than administrative fines.”

Earlier Monday, Facebook disputed a a New York Times report about how it shares data with device makers from Apple and Amazon to Samsung.

They’re privy to Facebook users’ information but it’s nothing like the access that led to the Cambridge Analytica controversy, the social network said.

In an interview Monday, Andrea Jelinek, who’s in charge of policing the European Union’s data privacy law, said regulators on the continent intend to examine the reports.

Separately, Hamburg privacy regulator Johannes Caspar described the reports as “absolutely alarming.”

To contact the reporter on this story: Stephanie Bodoni in Luxembourg at sbodoni@bloomberg.net

To contact the editors responsible for this story: Anthony Aarons at aaarons@bloomberg.net, Peter Chapman, Jillian Ward

©2018 Bloomberg L.P.