Britain’s information watchdog has referred Facebook to the lead regulator under Europe’s data regime to look at how the social network targets, monitors and shows adverts to its users.
Britain’s Information Commissioner had been investigating the use of data analytics to influence politics after consultancy Cambridge Analytica obtained the personal data of 87 million Facebook users from a researcher. Cambridge Analytica worked on Donald Trump’s US presidential campaign in 2016.
The British watchdog said on Tuesday as part of that inquiry it had also found broader issues at Facebook, which it had referred to Ireland’s data regulator, the lead supervisor for the social network in the European Union.
A spokeswoman for the British watchdog said it had been made aware of fake political adverts on the world’s biggest social network.
The Commissioner has also launched audits into the role of credit reference agencies such as Experian and sent assessment notices to data brokers including Acxiom as it seeks to understand the market for buying and selling personal data.
“Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced,” Information Commissioner Elizabeth Denham said in a report for the British parliament published on Tuesday.
“We have uncovered a disturbing disregard for voters’ personal privacy,” Denham said. “Social media platforms, political parties, data brokers and credit reference agencies have started to question their own processes – sending ripples through the big data eco-system.”
Facebook and the Irish data protection body did not immediately respond to a request for comment.
The Cambridge Analytica scandal exposed the role that personal data plays both for marketers and political groups in the internet age.
The political consultancy was able to harvest the data of 87 million people after a researcher created an app that was downloaded by 270,000 people, providing access not only to their own but also their friends’ personal data.
Europe’s General Data Protection Regulation (GDPR) was brought in by the EU in May to protect personal information and has forced the different online players to make sure they have permission from users to handle their data.
The British Commissioner has already slapped the highest possible fine of 500,000 pounds ($653,800) on Facebook for the misuse of data but said on Tuesday it was referring other outstanding issues to Ireland.
The BBC in October reported that a fake political advert had been posted to Facebook. Facebook had said earlier in October that advertisers who mentioned political figures, material or parties would be obliged to provide evidence of their identity and location and state on Facebook who was paying for the ad.
Facebook has also sought to give users more control over their privacy by making data management easier.
“We have referred our ongoing concerns about Facebook’s targeting functions and techniques that are used to monitor individuals’ browsing habits, interactions and behavior across the internet and different devices to the to the Irish Data Protection Commission,” the British watchdog said.
Credit data company Experian said it was aware of the ICO’s concerns and the use of data in political concerns.
“As a highly regulated business, we work closely with regulators and strictly comply with data protection laws in all of the countries that we operate in, and we remain vigilant when it comes to data security and integrity,” it said in a statement.
($1 = 0.7648 pounds)
Reporting by Kate Holton, Alistair Smout and Kylie MacLellan in London and Noor Zainab Hussain; editing by Guy Faulconbridge and Jane Merriman