As the fallout of data firm Cambridge Analytica continues, a U.K. data privacy watchdog group has ordered that the company cede all of the personal information it collected from an American professor back to him, noting that even non-British citizens have the right to seek and obtain data held by a British firm. In doing so, the Information Commissioner’s Office (ICO) has set a precedent for how Cambridge Analytica and other firms would have to deal with illegally collected information, potentially allowing millions of other U.S. Facebook users to demand information on exactly what data companies have on them.
In a notice posted on Saturday, the ICO said that it had “served a legal notice on SCL Elections Ltd,” the parent company of Cambridge Analytica, “ordering it give an academic all the personal information the company holds about him.” In total, the company will have 30 days to comply with the subject access request, as submitted by Professor David Carroll. If Cambridge Analytica does not do so, it will be violating the Data Protection Act of 1998, and will be committing a criminal offense “punishable in the courts by an unlimited fine.”
Carroll first submitted a request to Cambridge Analytica for his data in January 2017, at which point SCL Group requested that he submit a 10 pound fee and proof of identity in order to obtain such information. In March, he received a spreadsheet that the company claimed contained all of his personal data to which he was legally entitled. But Carroll was not convinced that this was truly the extent of the damage, nor did he receive an “adequate explanation of where it had been obtained from or how it would be used.” As such, he complained to the ICO last September, and now eight months later, may finally be getting his way.
“[SCL Group] has consistently refused to co-operate with our investigation into this case and has refused to answer our specific enquiries in relation to the complainant’s personal data — what they had, where they got it from and on what legal basis they held it,” said Information Commissioner Elizabeth Denham in statement. “The right to request personal data that an organization holds about you is a cornerstone right in data protection law and it is important that Professor Carroll, and other members of the public, understand what personal data Cambridge Analytica held and how they analyzed it.”
The Commissioner concluded, “We are aware of recent media reports concerning Cambridge Analytica’s future but whether or not the people behind the company decide to fold their operation, a continued refusal to engage with the ICO will potentially breach an Enforcement Notice and that then becomes a criminal matter.”
