The UK’s data watchdog, the ICO, finally obtained a warrant to enter and search the offices of Cambridge Analytica late Friday — carrying out an evidence gathering sweep of the company into the small hours of Saturday morning.
Cambridge Analytica is at the centre of a data misuse storm that’s wiped billions off the value of Facebook since newspaper revelations late last week revealed the extent of data swiped by the UK political consultancy which intended to use the information for the Trump campaign.
In a statement on its website today, the ICO said:
The warrant to inspect the premises of Cambridge Analytica was executed at 20.00 on 23 March 2018. Our investigators left the premises at about 03.00.
We will now need to assess and consider the evidence before deciding the next steps and coming to any conclusions.
This is one part of a larger investigation by the ICO into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.
ICO commissioner Elizabeth Denham has confirmed previously that complaints related to Cambridge Analytica’s use of Facebook data for political ad targeting form part of that larger, ongoing investigation.
It opened its formal investigation into the use of data analytics for political purposes in May 2017.
This week, after saying it had failed to obtain information it had requested from CA, the regulator applied for a warrant to enter and search CA’s offices — in the wake of reports by the New York Times and Observer of London based on interviews with former CA employee, Chris Wylie.
According to Wylie, CA used a survey app created by a Cambridge University academic to suck up data on 50M Facebook users. The intent was to use the information for political targeting purposes for the benefit of the Trump campaign.
Earlier this month Denham told a UK parliamentary committee that’s also running an investigation into fake news that she hoped to publish her review of digital political ad targeting this May. Although that was before the ICO decided it needed to apply for a warrant to raid CA’s offices.
The regulator has now said it will need time to sift through the evidence it gathered overnight — so it remains to be seen whether its wider review of political ad targeting will be delayed as a result.
In an online statement published yesterday, the acting CEO of CA, Alexander Taylor, apologized for Facebook “data and derivatives” having been obtained without consent “from most respondents”.
But he also claimed the company believed it was acting within Facebook’s policies and UK data protection law when it licensed the data from professor Aleksandr Kogan whose survey app was the Trojan horse used to gather 270,000 Facebook users’ data and their friends’ data — resulting in some 50M profiles being harvested in all.
“[CA] believed that the data had been obtained in line with Facebook’s terms of service and data protection laws,” writes Taylor.
He also claims that in October 2015 CA deleted the data from its file server after Facebook asked it to. But he seems less certain whether other copies might not have existed as he says the company “began the process of searching for and removing any of its derivatives in our system”.
“When Facebook sought further assurances a year ago, we carried out an internal audit to make sure that all the data, all derivatives and backups had been deleted, and gave Facebook a certificate to this effect. Please can I be absolutely clear: we did not use any GSR data in the work we did in the 2016 US presidential election,” he further claims.
“We are now undertaking an independent third-party audit to verify that we do not hold any GSR data,” Taylor adds. “We have been in touch with the UK Information Commissioner’s Office (ICO) since February 2017, when we hosted its team in our London office to provide total transparency on the data we hold, how we process it, and the legal basis for us processing it. I want to make sure we remain committed to helping the ICO in their investigations.”