UK authorities have hit Facebook with the maximum possible fine over its Cambridge Analytica scandal. But the penalty is tiny.
The United Kingdom’s Information Commissioner’s Office announced the £500,000 ($645,000) fine on Thursday, saying that Facebook failed to safeguard user data and was slow to contain the leak.
The watchdog launched its investigation earlier this year after it emerged that Cambridge Analytica accessed information from as many as 87 million Facebook users without their permission.
Facebook (FB) said in a statement that it was reviewing the decision.
“While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” the company added.
The penalty, which is less than the average price of a home in London, won’t hurt Facebook. But the Information Commissioner warned that any future fines would be much higher under Europe’s new data protection law.
“The fine would inevitably have been significantly higher under the GDPR,” Elizabeth Denham, the UK Information Commissioner, said in a statement.
Since GDPR came into effect in May, European data watchdogs have had the power to fine companies the higher of €20 million, or 4% of annual global sales, for new data protection violations.
Jonathan Compton, a data protection lawyer and partner at law firm DMH Stallard, said that the maximum penalty that Facebook would face under the law is $1.6 billion.
“This would perhaps focus the attention of Facebook’s executives somewhat,” he said.