ICO issues maximum £500,000 fine to Facebook for failing to protect users’ personal information - ICO
The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law.
In July, the ICO issued a Notice of Intent to fine Facebook as part of a wide ranging investigation into the use of data analytics for political purposes.
After considering representations from the company, the ICO has issued the fine to Facebook and confirmed that the amount – the maximum allowable under the laws which applied at the time the incidents occurred - will remain unchanged.
The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.
Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform. These failings meant one developer, Dr Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge. A subset of this data was later shared with other organisations, including SCL Group, the parent company of Cambridge Analytica who were involved in political campaigning in the US.
Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.
The ICO found that the personal information of at least one million UK users was among the harvested data and consequently put at risk of further misuse.
Elizabeth Denham, Information Commissioner, said:
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better.”
This fine was served under the Data Protection Act 1998. It was replaced in May by the new Data Protection Act 2018, alongside the EU’s General Data Protection Regulation. These provide a range of new enforcement tools for the ICO, including maximum fines of £17 million or 4% of global turnover.
Ms Denham added:
“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people’s personal data.
“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”
Watch Elizabeth Denham talk about the fine here.
A further update on the ICO investigation into data analytics for political purposes will be on Tuesday 6 November, when Ms Denham will give evidence to the Department for Digital, Culture, Media and Sport (DCMS) Select Committee.
In July, the ICO published an interim progress update on its investigation and also published a partner report, Democracy Disrupted? Personal information and political influence looking at the broader policy issues identified during the investigation along with findings and the Information Commissioner’s recommendations for future action.
Every year, the regulator publishes its Regulating for People, the Environment and Growth (RPEG) report which sets out the regulatory performance of businesses holding environmental permits in England and the effectiveness of the EA’s regulatory approach.
The report shows that 93% of the 14,000 businesses the EA regulates demonstrated good compliance with their environmental permit conditions. Businesses which harmed the environment, however faced record penalties. A total of £25.5 million in fines were issued by the courts for environmental offences brought by the Agency compared to £8 million last year.
Waste crime continues to blight communities, cause environmental harm, and undercut legitimate business. The Environment Agency is closing more than two illegal waste sites every day but discovering a similar number of new illegal sites. The report acknowledges waste crime is becoming more organised and that more needs to be done. This will be addressed in the government’s forthcoming organised waste crime review, which has examined how the Environment Agency, partners, and the law enforcement system can best tackle the problem.
The report also highlights the increased use of Enforcement Undertakings for less serious environmental incidents. In 2017/18 there were a record £2.2 million worth of Enforcement Undertakings accepted by the Agency. By companies admitting liability and making a financial contribution to put right the harm they have caused, both the environment and communities benefit.
Other key findings include:
Harvey Bradshaw, Executive Director of the Environment Agency, said:
Our regulation is supporting a healthier environment and safer communities – serious pollution incidents fell by 18%. We closed down over 800 illegal waste sites, and the courts have imposed record levels of fines on companies for environmental offences.
We are committed to supporting businesses to innovate and grow, in return, we expect that businesses take their responsibilities to protecting the environment seriously.
A North Devon-based steel fabricator has been sentenced after a young employee fell through a fragile roof whilst at work.
Plymouth Magistrates’ Court heard how, on 23rd August 2017, a 19-year old employed by Mark Dayment, trading as Langaton Steel Fabrications, was on his first day of working on a roof replacement project at a petrol filling station in Barnstaple. Whilst assisting another worker, he took a few steps off the walkway and fell 7.5 metres through a thin metal sheet onto the concrete forecourt below. The young worker suffered serious head injuries, a broken pelvis and a broken wrist as a result of the fall.
An investigation by the Health and Safety Executive (HSE) found the work was not properly planned, appropriately supervised or carried out in a safe manner when the incident occurred. Mr Dayment, had a duty to control how the work was carried out, including staff supervision.
Mark Dayment of North Road, South Moulton pleaded guilty to breaching Section 4 (1) of the Work at Height Regs 2005, and has been fined £12,000 and ordered to pay costs of £2,228.70.
Speaking after the hearing, HSE inspector Nicole Buchanan said: “This young man’s injuries were life-changing and he could have easily been killed. This serious incident and devastation could have been avoided if basic safe guards had been put in place.
“Falls from height remain one of the most common causes of work-related fatalities and injuries in this country and the risks associated with working at height are well-known.”
British Airways Avionic Engineering Limited has been fined for failing to assess the risk to workers from hand arm vibration.
Cardiff Crown Court heard how people working at the company were exposed to vibration from use of a wet blasting cabinet and vibrating hand tools. It was not until late in 2013 that action was taken by the company to assess and reduce vibration risk, despite the Control of Vibration at Work Regulations having been in force since July 2005 and were preceded by similar risk assessment requirements.
An investigation by the Health and Safety Executive (HSE) found that the company failed in their duty to recognise and properly assess the risk from hand arm vibration at their facility in Talbot Green, South Wales.
British Airways Avionic Engineering Limited of Waterside, Harmondsworth, pleaded guilty to breaching Regulation 5 of the Control of Vibration at Work Regulations 2005, and has been fined £80,000 and ordered to pay costs of £25,297.57.
Speaking after the hearing, HSE inspector Helen Turner said, “This was a case of the company failing to identify the risk from hand arm vibration, which is a recognised health risk with potentially disabling consequences.
“Unless vibration is identified and properly assessed, an employer won’t know the level of risk, and whether action is needed to protect workers. It is very important that people exposed to hand arm vibration at work are informed of the symptoms of early exposure and given opportunities to discuss their health so that they can be protected from serious Hand Arm Vibration Syndrome or Carpal Tunnel Syndrome.”
A haulage and waste processing business has been fined after an agency worker’s hand was drawn into an in running nip on a waste sorting conveyor.
Telford Magistrates Court heard how, on 27 September 2016, an 18-year-old agency worker was trying to clear a blockage beneath a waste conveyor belt. He reached in with his hand to remove the material causing the blockage when his hand was drawn in by the in-running nip on the conveyor system. He suffered partial amputation of his finger and a fractured elbow.
An investigation into the incident by the Health and Safety Executive (HSE), found there was inadequate guarding around the conveyor belt to prevent workers hands being caught up in the conveyor.
Loosemores Transport Ltd of Battlefield, Shrewsbury pleaded guilty to breaching Regulation 11(1) of the Provision and Use of Work Equipment Regulations 1998. The company was fined £18,000 and ordered to pay costs of £2,026.70.
HSE inspector Wendy Campbell said after the hearing: “A young man’s life has been changed because the company failed to ensure there was correct guarding on the conveyor belt.
“This should serve as a reminder to all companies to check their machinery guarding is adequate and prevents access to dangerous parts of machinery”.
Businessman sentenced after failing to prevent exposure to asbestos
A Manchester-based businessman has been prosecuted after failing to check whether asbestos was present in a building he owned before starting major refurbishment works.
Manchester Magistrates’ Court heard how Mr Whaid Ahmed did not survey his property at 1-3 Stephenson Square, Manchester for asbestos before carrying out renovations to the building between 1 April 2012 and 12 October 2017. Following a routine inspection from a Health and Safety Executive (HSE) inspector, a survey was subsequently carried out. Large amounts of asbestos, some of which was in very poor condition, was discovered on the premises, indicating that asbestos could have previously been removed without any controls in place from areas of the building already renovated.
The HSE investigation found Mr Ahmed failed to identify the risks involved, and put appropriate measures in place to prevent exposure to asbestos. Mr Ahmed has had previous enforcement action from HSE over a similar issue so was well aware of his duties under the law.
Mr Whaid Ahmed of Hale Barns, Altrincham pleaded guilty to breaching Regulations 5(a), 11(1)(a) and 16 of the Control of Asbestos Regulations 2012. Mr Ahmed was given a six months prison sentence, suspended for two years, sentenced to 250 community service hours and ordered to pay costs of £5,742.14.
HSE inspector Matt Greenly said after the case: “This case highlights the importance of surveying a property for asbestos to prevent risk to anyone occupying or working in that building and to reduce the risk of exposure to asbestos and contracting incurable diseases as a result of that exposure.”
Builder sentenced after young worker seriously-injured
A builder from Cornwall has been sentenced after one of his employees sustained serious, life-changing hand injuries whilst operating a handheld circular saw.
Bodmin Magistrates’ Court heard how David Avent, trading as David Avent Building Services, undertook a barn refurbishment in Callington during February 2017. On 7 February, a worker, who had recently turned 17, was using a circular saw to cut wooden flooring sheets when the blade made contact with his hand causing serious, life-changing injuries. The saw blade cut fully through his index finger, three quarters through his middle finger and half way through his ring finger.
An investigation by the Health and Safety Executive (HSE) found David Avent had no record of any information, instruction and training that he had provided to his employee in the safe use of the circular saw nor had he ensured that safe working practices were followed when cutting the flooring sheet. The investigation also found that circular saw blade had not been properly adjusted for the size of material being cut at the time of the incident and the flooring sheet was not appropriately supported whilst being cut.
David Avent of Callington, Cornwall pleaded guilty to breaching Section 2(1) of the Health and Safety at Work etc Act 1974. He has been fined £1,120 and ordered to pay costs of £8489.48.
Speaking after the hearing, HSE inspector Dr Jo-Anne Michael said: “This injury was easily preventable and the risk associated with the task should have been identified.”
“Employers should make sure they properly assess and apply effective control measures to minimise the risk from contact with dangerous parts of machinery to ensure that the risks are given careful attention to ensure they are properly controlled.”
More about the legislation referred to in this case can be found at: legislation.gov.uk/
ICO fines firm £90,000 for nuisance emails about pre-paid funeral plans
The Information Commissioner has fined London-based marketing company, Boost Finance Ltd (BFL), a company responsible for millions of nuisance emails about pre-paid funeral plans.
Trading as findmeafuneralplan.com, BFL was behind 4,396,780 emails that were sent from January to September 2017. The emails were sent to people who had subscribed to websites operated by BFL’s affiliates, but who had not given their consent to receive them.
The ICO investigation found that in all but one of the websites, it was not made obvious who the emails were from - although they did make generic mention of prepaid funeral plan providers in some cases.
The majority of the websites did not provide subscribers with the opportunity to opt out of third party marketing.
Andy Curry, ICO Enforcement Group Manager, said:
“Companies seeking to use email marketing must make sure they follow the law. People would particularly expect this to be so when the subject may be perceived as sensitive, as in this case.
“Boost Finance relied heavily on their affiliates to deliver millions of unwanted messages to members of the public, and also ensure compliance with the law. However, it was Boost Finance’s responsibility to ensure they had valid consent to send the emails. Businesses should send marketing messages in compliance with the law or face potential enforcement action by the ICO.”
The law states that organisations must have consent to send such emails. That consent must be freely given, specific and informed and involve a positive indication - such as ticking a box.
The investigation found that BFL relied upon inadequate and misleading methods to collect personal data to obtain consent and that consent was not sufficiently informed and therefore breached the Privacy and Electronic Communications Regulations (PECR).
Notes to Editors
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.
The UK’s two food regulators today published a draft review with a series of recommendations for the meat industry and the regulators themselves aimed at improving compliance and assurance in the meat processing industry.
The six-month review was launched in the wake of a number of high profile non-compliance issues identified at cutting plants.
The review took a fundamental look at how the current arrangements could work better and focused on tackling the root causes of common issues, and not just the symptoms.
The recommendations, which are subject to the approval of each organisation’s Board at a meeting in Edinburgh on 17 October, are designed to prioritise food safety and improve overall industry standards in the meat supply chain.
The 19 recommendations for industry and regulators include:
Jason Feeney, Chief Executive of the Food Standards Agency, said:
"We launched this review following a series of high profile events over the last 12 months at a number of meat businesses. These incidents cast a shadow over the whole sector and not just the businesses directly at fault. This challenged consumer confidence and trust in the industry as a whole".
"This in-depth review has identified actions that the meat industry and the regulatory authorities can take to make improvements".
"There are good reasons why the meat industry has specific controls in place to protect public health and provide assurance about the authenticity of meat products on the market".
"We are pleased the industry participated so fully in this approach and we expect them to continue to work with us to deliver the recommendations once they have been agreed".
Geoff Ogle, Chief Executive of Food Standards Scotland, said:
"This review is essential for ensuring the public continues to have full confidence in the safety of the UK’s meat industry. The majority of our meat sector acts responsibly ensuring food safety compliance across their process, and it is important that the actions of a minority do not damage the reputation of the whole sector.
"That’s why we and the Food Standards Agency have looked at a comprehensive evidence base and have made wide-ranging recommendations for improvement for both industry and regulators that will ensure the high standards and safety we expect in our meat industry.
"The input of industry bodies in this review has been, and will continue to be, paramount and we thank everyone who has contributed.
"When our respective Boards have agreed the next steps, we will work to deliver the improvements identified. All decisions and actions will continue to be taken in the best interests of consumers and will be based on the evidence base and expert scientific advice. We all have a part to play in ensuring the safety of our meat and meat products.'
Background to the review
The review was announced in February 2018 to identify potential improvements in the way the sector is regulated in the wake of non-compliance issues identified at cutting plants. Emerging findings were published and discussed at the FSA and FSS Board meetings in May and June.
A comprehensive stakeholder engagement and evidence gathering process has been conducted which included:
The draft report and board paper can be accessed at the https://www.food.gov.uk/about-us/meat-cutting-plant-and-cold-store-review
Huntingdon man ran two illegal waste tyre sites in Cambridgeshire, both of which he abandoned.
On Tuesday 09 October 2018 Michael Newsome was sentenced to a total of 8 months imprisonment (4 months consecutive for each offence) suspended for 24 months. Newsome was also ordered to carry out 240 hours of unpaid work for the benefit of the community, ordered to pay a total of £12,131.90 in compensation to the landowners where he abandoned tyres and a contribution of £1,000 costs after pleading guilty to breaking the law in Peterborough and Whittlesey.
Peterborough Magistrates heard that Newsome, aged 28, of Overwater Close, Stukeley Meadows, Huntingdon, traded as Cambridgeshire Rubber Recycling Ltd and even advertised on Facebook as being licensed.
First he set up in Peterborough having registered an exemption that allowed him a limited number of tyres on site to be stored under set conditions for safety.
Mr Gurjit Bdesha, prosecuting for the Environment Agency, told the court that Newsome leased the Dickens Street site from an 82-year-old man to shred tyres, which he failed to do. Instead, he took well in excess of the number of tyres allowed under the exemption and stored them in a way that had no fire breaks.
Mr Bdesha said:
"This was especially important as the site is in the middle of a residential area with the nearest home being 13 metres away. Tyres can combust and fire can easily spread".
Despite being asked to move the tyres, Newsome made no effort to clear the site and the landlord ejected him. He later broke into a lockaway on site, damaging the door, to take back equipment belonging to him. He left behind 87 tonnes of tyres (9,050) costing the landlord £8,121.
After being evicted Newsome took on a site at Lazy Acre Farm, Whittlesey and carried on business, failing to even register an exemption.
The landlord became worried at the number of tyres on site with no equipment to process them and asked him to leave.
Mr Bdesha continued:
"The landlord was so desperate for Newsome to leave the site and clear the tyres that he was prepared to waive rent arrears of £3,500 if he removed them. The tyres were left there".
At that site Newsome abandoned 117 tonnes of tyres (14,040).
Mr Bdesha told the court that the site was listed as a High Risk Fire site as the tyres were stored within 70 metres of the mainline railway from Birmingham to Stansted Airport. If there had been a fire due to arson or self-combustion then the impact could have resulted in the closure of the railway and caused significant disruption to the national railway transport network.
He said there had been 2 failed attempts to arrest Newsome, 2 failed attempts to get him to voluntarily attend interview with Environment Agency investigators and since then no communication from him.
After the hearing Enforcement Team Leader Phil Henderson said:
"We require operators have an approved fire prevention plan in place before a permit is issued. The Environment Agency seeks to work with operators to ensure compliance with the relevant environmental regulations".
"However, as in this case, where those operators fail to take this advice we are compelled to take action, particularly in cases where the storage of waste may risk local residents or our transport infrastructure."’
Newsome pleaded guilty to:
On or before 3 November 2015 on land known as 61 Dickens Street, Peterborough, PE1 5ER, you operated a regulated facility, namely a tyre treatment and disposal facility, without being authorised by an environmental permit granted under Regulation 12 of the Environmental Permitted (England and Wales) Regulations 2010. Contrary to Regulation 12 and 38(1)(a) Environmental Permitting (England and Wales) Regulations 2010.
Between 1 December 2015 and 31 December 2016 on land known as Lazy Acre Farm, Whittlesey, Peterborough PE7 1GR, you operated a regulated facility, namely a tyre treatment and disposal facility, without being authorised by an environmental permit granted under Regulation 12 of the Environmental Permitting (England and Wales) Regulations 2010. Contrary to Regulation 12 and 38(1)(a) Environmental Permitting (England and Wales) Regulations 2010.
The corac team
News and thoughts from Centaur House
Open Government Licence
In addition to our own posts we also post news content from selected government agencies.
We are pleased to include the following attribution statements in recognition of the content we use in the following categories:
"Contains public sector information published by the Health and Safety Executive and licensed under the Open Government Licence"
Environment Agency -
"Contains Environment Agency information © Environment Agency and database right"
Food Standards Agency
Plus other general .gov content:
"Contains public sector information licensed under the Open Government Licence v3.0".