Included in this edition of Data & Privacy News: Facebook to appeal £500,000 fine from the ICO; Government failings on cyber security causing increased threat to critical infrastructure; Parliament invokes rare Parliamentary power to seize internal Facebook documents and more

Facebook to appeal £500,000 fine from the ICO

Facebook is appealing the £500,000 fine levied against it by the UK's Information Commissioner's Office (ICO) for its role in the Cambridge Analytica scandal. 

The company has said that is does not dispute that it made some errors in the case of Cambridge Analytica but is arguing that the penalty “challenges some of the basic principles of how people should be allowed to share information online”.

In 2014 and 2015, 87 million user profiles around the world were harvested when an app was allowed to access Facebook. Cambridge Analytica used the data to target voters in the 2016 US presidential campaign.  

Amazon confirm major data breach that disclosed customer details on its website

Reports suggest Amazon has confirmed that it suffered a major data breach prior to Black Friday, which disclosed customers' names and email addresses on its website.

The company has emailed affected customers but have so far refused to give any further details on those affected.

The ICO is currently following the situation.

Government failings on cyber security causing increased threat to critical infrastructure

A Parliamentary committee report has warned that the Government is failing to deliver on promises to safeguard the UK's critical infrastructure from cyber attacks, with growing threats from states such as Russia.

Earlier in the year, security agencies in the US and UK, released a joint technical alert, which accused the Kremlin of being the instigator in the ongoing hacking campaign against the critical infrastructure in both countries. Prior to this, an advisory notice was released which warned that companies connected to critical infrastructure were being targeted by attackers based in what was rumoured to be Eastern Europe.

The committee has suggested creating a cabinet position for a cyber security minister to strengthen cyber security within the UK's critical infrastructure.  

The Government has not yet responded to the committee's report. 

ICO investigation reveals breach of data protection laws by Metropolitan Police Service's Gangs Matrix

An ICO investigation, which started in October 2017, has found multiple serious breaches of data protection laws through the Metropolitan Police Service's (MPS) use of the Gangs Matrix, a database that contains intelligence related to alleged gang members.

The ICO issued an Enforcement Notice on the MPS after finding inconsistencies in the way the Gangs Matrix was being used. The MPS must comply with data protection laws in the future and have been given six months to make the necessary changes. 

Due to the timing, the case was dealt with under the Data Protection Act 1998. 

The ICO are launching a further investigation that will look at how partners of the police handle information, such as the Gangs Matrix. 

Parliament invokes rare Parliamentary power to seize internal Facebook documents 

Parliament has seized internal documents from Facebook which are believed to contain information on the social media sites data and privacy controls prior to the Cambridge Analytica scandal. 

Reports suggest that the documents were intercepted when the boss of US company, Six4Three, visited the UK. MP Damian Collins, invoked a rare Parliamentary power on the businessman, giving him two hours to hand over the documents or face possible fines or imprisonment. 

Mr Collins said that Facebook had failed to provide answers and the documents were very high in the public interest.

DIGIT GDPR Scotland Summit

Addleshaw Goddard's Scotland Data team are looking forward to attending DIGIT's GDPR Scotland Summit in Edinburgh on 5th December. The team's Head of Data, Helena Brown will be talking about handling data subject access requests post GDPR. The talk will examine what data is actually disclosable as part of a request and look at the exemptions that are available to withhold information. Over 300 delegates have signed up to attend what should be an interesting event.