Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

U.K. ICO and social media company settle privacy investigation

Privacy/Cyber Risk & Data Security Information Commissioner's Office U.K. Of Interest to Non-US Persons Settlement

Privacy, Cyber Risk & Data Security

On October 30, the U.K. Information Commissioner’s Office (ICO) announced an agreement reached between the ICO and a social media company that resolves an investigation into the company’s alleged misuse of personal data. The company has agreed to withdraw its appeal of the £500,000 penalty issued last year under section 55A of the Data Protection Act 1998 (DPA) and settle the case without an admission of guilt. The investigation stems from a data incident affecting upwards of 87 million users worldwide that included the processing of personal data about U.K. users in the context of a U.K. establishment. According to the ICO, the company violated principles of the DPA by (i) unfairly processing personal data; and (ii) failing “to take appropriate technical and organi[z]ational measures against unauthori[z]ed or unlawful processing of personal data.” The ICO published a statement by the company’s associate general counsel in which he noted that the company has “made major changes” to its platform that significantly restricts the information accessible to app developers, and that “[p]rotecting people’s information and privacy is a top priority for [the company].”