The UK’s Information Commissioner’s Office (ICO) [official website] announced [press release] Wednesday that it intends to fine Facebook [corporate website] a maximum £500,000 for breaching the Data Protection Act of 1998 [text].

The announcement follows an investigation [investigation update] into whether campaigns on both sides of the EU membership issue inappropriately used personal data. Facebook with Cambridge Analytica [corporate website], among other organizations, have been the focus of the investigation. The ICO alleges Facebook violated the law because it failed to protect personal user data and did not effectively inform users how their data was going to be collected or used. The ICO also made recommendations in a separate report [text, PDF] for the government to implement changes to protect user data.

Mark Zuckerberg, CEO of Facebook, admitted [CNN interview] months ago that Facebook did not adequately protect users in the Cambridge Analytica fiasco.

Facebook will have an opportunity to respond to the ICO Commissioner’s Notice of Intent before a final decision on the fine. ICO Commissioner Elizabeth Denham [profile] commented:

New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.

This recent action by the ICO in the UK is among other international efforts to protect user data such as California’s passage [JURIST report] of the California Consumer Privacy Act in June.