The UK's Information Commissioner's Office (ICO) has referred Facebook to the Irish Data Protection Commission. The IDPC is the lead authority for Facebook when it comes to GDPR, and separate to the $645,000 fine the social network was slapped with for the Cambridge Analytica scandal.
A spokesperson for the ICO spoke to Reuters about the referral, mentioning several concerns about Facebook's business model, the privacy of its users, and the ability for its adverts to influence politics.
“We have referred our ongoing concerns about Facebook's targeting functions and techniques that are used to monitor individuals' browsing habits, interactions and behavior across the internet and different devices … to the Irish Data Protection Commission,” said the spokesperson.
Perhaps the most interesting part about this statement is the watchdog's use of the world individuals, rather than just users. Though Facebook does track its users across the web, it's also been caught tracking non-users.
Mark Zuckerberg managed to successfully dodge this question during his testimony to Congress, and the format of the EU's questioning meant there was little room for detailed discussion.
However, the ICO has confirmed that the referral doesn't currently include Facebook's ad transparency tool, which recently came under scrutiny. Several publications falsely bought ads posing as Senators and even Cambridge Analytica, which were passed without hassle.
GDPR and Fines
The referral to the IDPC is particularly significant because its fine over Cambridge Analytica came under the UK's 1998 Data Protection Act. That placed the maximum fine amount at $645,000.
If the IDPC is unhappy with the other ‘outstanding issues' mentioned, it could fine Facebook further. If it finds it in violation of GDPR, it could mean as such as 4% of the company's global revenue.
Facebook admitted last month that it's been passing user's phone numbers to advertisers. Those agencies could then use it for targetted advertising. It also poses a security risk for users, given the number's use in two-factor authentication.
As Facebook's voluntary efforts clearly aren't working, Information Commissioner Elizabeth Denham called for hard regulation.
“Facebook needs to change, significantly change, their business model and their practices to maintain trust,” she said at a parliamentary meeting.
“We have seen some evidence on the voluntary side of Facebook being more transparent, things like the provenance of political ads, but I think they need to do more and I think they should be subject to stricter regulation and oversight.”