The UK Information Commissioner looks likely to fine Facebook £500,000 over its enabling of Cambridge Analytica:
Facebook is set to be fined £500,000 by the UK’s privacy watchdog after it concluded the social media giant broke data laws.
The California-headquartered company failed to protect users' information and then failed to be clear about how that information had been harvested by others. That was the conclusion of a major report into whether personal data had been misused by both sides during the EU referendum.
[...]
In a progress update to a parliamentary select committee, the ICO said it had served Facebook with a notice of intent to issue its maximum fine after it found the company had twice breached the Data Protection Act 1998 (DPA). A final decision will be made after the social media giant has had a chance to respond.
While a fine of £500,000 is the biggest possible punishment available to the ICO, it is the same amount of money that Facebook makes in just a few minutes.
And that's the core problem: that the fines UK law enables are completely inadequate to provide any incentive whatsoever on a global company like Facebook. Still, they're better than New Zealand, which currently has a fine of a mere $2,000. The government's Privacy Bill (currently before select committee) will increase this to a whopping $10,000, which is still nothing like what is needed. The Privacy Commissioner wants to see that raised to $1 million, but that's less than the UK maximum, which is clearly inadequate. An EU-style cap set as a percentage of global turnover (not profit) would be far more effective at providing an incentive against multinational privacy abuse.