The US Federal Trade Commission has issued what looks to be a largely symbolic ruling against the remnants of data-harvesting marketers Cambridge Analytica.
In a unanimous 5-0 ruling (PDF) issued on Friday, the trade body declared that the defunct British marketing intelligence operation ran afoul of laws against deceptive business practices and was in violation of the EU-US Privacy Shield Framework.
The findings stem from the FTC's July complaint filing against Cambridge Analytica, alleging that the political marketing company lied to Facebook users when it pitched its GSRApp as a "personality test" that would not collect or sell identifiable information.
In reality, Cambridge Analytica was found to have collected personal information on tens of millions of people and then used that data to train algorithms for specifically-targeted campaign ads. That, the FTC says, was definitely not legal.
"We conclude that Cambridge Analytica’s representation to App Users who authorized the GSRApp that it would not collect their identifiable information was a false and material, and hence deceptive, claim," the decision reads.
Additionally, the FTC was charged with deciding whether or not Cambridge Analytica fell afoul of the trans-Atlantic EU US Privacy Shield framework when it let its certification expire, while still telling people outside the company that it was in compliance with the regulations.
"We conclude that Cambridge Analytica’s express representation that it remained a participant in the Privacy Shield framework after its certification had lapsed was false and material, and hence deceptive," the Commission declared.
Finally, there was the matter of adherence to the Privacy Shield itself, which the company claimed to follow. Again, and not surprisingly, the FTC found the firm in violation of that framework as it had both lost its certification and had failed to notify the US Department of Commerce of the lapse.
Cambridge Analytica didn't perform work for Leave.EU? Uh, not so fast, says whistleblowerREAD MORE
"We find that, by representing that it was compliant with Privacy Shield principles, Cambridge Analytica necessarily represented that it was complying with the Privacy Shield requirement to affirm to Commerce its commitment to continue to apply Privacy Shield protections to the personal information it had collected for as long as it retained this data," the FTC found.
"This claim was false and misleading because Cambridge Analytica had, in fact, failed to make the required affirmation to Commerce after its Privacy Shield certification lapsed."
Not that any of this will mean much in the grand scheme of things. Cambridge Analytica was shut down as a going concern last year, and its CEO and App Developer settled their involvement back in July.
Still, the ruling makes it official record that Cambridge Analytica broke the law and was subject to legal action as a result. ®