ICO's maximum fine is a drop in the bucket for Facebook

Facebook will make the fine back in less than 20 minutes

The Information Commissioner's Office has 'punished' Facebook with a £500,000 fine over the Cambridge Analytica scandal - the maximum allowed under the Data Protection Act 1998, as the offence was committed before the GDPR came into effect.

The fine relates to Facebook's involvement Cambridge Analytica's wholesale infringement of users' data privacy - in which the personal information of 87 million Facebook users was improperly shared with Cambridge Analytica, a digital consultancy with ties to the Trump campaign.

The ICO, which has been investigating Facebook since March, said on Tuesday that the social network had fallen foul of British data protection laws twice by failing to safeguard its users' information and not being transparent about how that data was harvested by others.

"Facebook has failed to provide the kind of protections they are required to under the Data Protection Act," said Information Commissioner Elizabeth Denham. "Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system."

The ICO's fine, albeit not final, is a drop in the water for Facebook, which makes £500,000 in around 18 minutes. Because of the timing of the breach, the data watchdog said it was unable to levy the penalties introduced by GDPR, which caps fines at €20m (£17m) or 4 per cent of global turnover: £1.4 billion in Facebook's case.

Facebook will address the proposed penalty before the watchdog makes a final ruling.

"As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015," Erin Egan, Facebook's chief privacy officer, send in a statement.

"We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We're reviewing the report and will respond to the ICO soon."

The ICO's probe into Facebook is part of a wider investigation into the use of data in political campaigns, launched last year, in which it is investigating 29 other social media companies, political campaigns, parties and other commercial actors over their roles in the EU referendum.

"Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes," Denham said.

"New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law."

The ICO said it's also launching a criminal prosecution against SCL Elections, a now-defunct organisation affiliated with Cambridge Analytica, and has sent warning letters to 11 political parties and "notices compelling them to agree to audits of their data protection policies."

The regulator added that it's weighing potential penalties against Alexander Nix, the former chief executive of Cambridge Analytica.