Facebook's been slapped with the maximum fine possible by the UK Information Commissioner’s Office for its part in the Cambridge Analytics scandal.
Confirming a notice of intent in July, the ICO has ordered the company to pay £500,000 ($645,150) for failing to control the use of personal data.
And this is getting off lightly - the fine has been imposed under legislation that predates Europe's General Data Protection Regulation (GDPR), under which the penalty would have been vastly higher.
Between 2007 and 2014, Facebook gave application developers access to users' information without sufficiently clear and informed consent - even when users hadn't downloaded the app, but were simply ‘friends’ with people who had.
The company also failed to vet the apps and developers using its platform - with one developer, Dr Aleksandr Kogan and his company GSR, harvesting the Facebook data of up to 87 million people worldwide without their knowledge.
It's a subset of this data that was apparently later shared with SCL Group, the parent company of Cambridge Analytica, and exploited to boost Donald Trump's campaign in the 2016 presidential elections.
Even after the data misuse was discovered in 2015, says the ICO, Facebook failed to suspend SCL Group from its platform for three years.
"Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better," says information commissioner Elizabeth Denham.
"We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR."
Under GDPR, Facebook could have been liable for a fine of 4% of global turnover - more than a billion and a half dollars.
While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015," says a Facebook spokesperson.
"We are grateful that the ICO has acknowledged our full co-operation throughout their investigation and have also confirmed they have found no evidence to suggest UK Facebook users' data was in fact shared with Cambridge Analytica."
'Full' cooperation is perhaps putting it a bit strongly. While earlier this year Kogan and the head of Cambridge Analytica, Alexander Nix turned up at Parliament to be questioned over the affair, Mark Zuckerberg refused, sending subordinates in instead.
The spokesperson also said that Facebook is 'hopeful' that the ICO will now give it access to Cambridge Analytica's servers so that the company can audit the data that was handed over. It's been wanting access to this for quite a while, having been booted out of Cambridge Analytica's offices back in March after trying to carry out its own search.
An ICO spokeperson refused to comment on whether the company would get its wish.
