The ICO said in a statement that the company had processed the personal information of users ‘unfairly’ between 2007 and 2014 by giving app developers access to data without their ‘clear and informed consent’, and also failed to properly check which apps and developers were using the platform.

Data scientist Aleksandr Kogan developed a Facebook personality survey app through which the personal data of up to 87 million users was harvested, some of which was later shared with the parent company of Cambridge Analytica. The harvested data included the personal information of ‘at least one million’ UK Facebook users, the ICO said.  

The ICO announced its intention to fine Facebook in July but the fine has now been upheld after considering representations from the company.

Elizabeth Denham, information commissioner, said: "Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data. A company of its size and expertise should have known better and it should have done better."

The fine of £500,000 was served under the Data Protection Act 1998, which was replaced by the new Data Protection Act and the EU’s General Data Protection Regulation (GDPR) in May. Under the terms of GDPR, the maximum fine would have been much higher – £17m or four percent of the company’s global turnover.

The ICO has been investigating how data analytics is employed for political reasons since early 2017, when it began looking into whether personal information had been misused by campaigns during the EU referendum, later expanding its investigation to include political parties, analytics companies and social media platforms.

Denham said further discussion is needed about whether current legal, ethical and regulatory frameworks are "adequate to protect the principles on which our society is based".

A further update on the investigation will be shared with the government’s Digital, Culture, Media and Sport select committee on 6 November.