Facebook has agreed to pay the Information Commissioner’s Office, the United Kingdom’s privacy regulator, a £500,000 fine on Wednesday over its Cambridge Analytica data leak, but did not admit any wrongdoing in the matter.
The fine, equal to about $644,000 at current exchange rates, comes after more than a year of legal back-and-forth between the social network and U.K. regulators. It’s also the maximum amount the ICO could levy against Facebook; if the company’s infractions had come after Europe’s GDPR data privacy laws were implemented in 2018, Facebook could’ve been fined up to 4% of its annual global revenue.
The Cambridge Analytica scandal rocked Facebook for much of 2018, after the company admitted that up to 87 million users had their profiles unwittingly accessed by the political consulting firm. Cambridge Analytica paid University of Cambridge professor Aleksandr Kogan for data on the personality makeup of millions of Facebook users leading up to the 2014 midterm elections; Cambridge Analytica was later contracted by the Trump campaign in 2016 to help target potential voters — pulling in $15 million in the process.
The ICO, in its statement on the settlement, said Facebook “made no admission of liability.”
The settlement comes a few months after Facebook agreed to pay a record $5 billion fine to the Federal Trade Commission in the U.S. over the company’s mishandling of user data.
As part of its FTC settlement, Facebook will create a privacy oversight committee with independent members. The members can only be fired by a supermajority of Facebook’s board, not by CEO Mark Zuckerberg alone. Zuckerberg and other newly appointed compliance officers must also submit to quarterly FTC check-ins; any false information shared could open Facebook up to additional fines and penalties, according to the FTC.
Last month, Facebook suspended “tens of thousands” of apps for improperly harvesting users data. The company will report its Q3 earnings on Wednesday afternoon.