The fine is for Facebook not being clear with its users how their online behaviour was being monitored and used by third parties for political campaigns.
The UK’s information commissioner, Elizabeth Denham, said she would fine the social network as her office investigates how data belonging to tens of millions of users was improperly accessed.
The amount is the maximum allowed under the Data Protection Act 1998, but is a tiny amount for a company valued last year at around $590bn (£445bn).
The scandal took place before new EU data protection laws that allow much larger fines came into force.
Great detail from @alexhern & @davidtpegg story in @guardian. Under GDPR, Facebook could have been fined £359m 🔥🔥🔥 pic.twitter.com/awg82E4iSc
— Carole Cadwalladr (@carolecadwalla) July 10, 2018
Facebook, along with consultancy Cambridge Analytica, has been the focus of the investigation since February when evidence emerged that an app was used to harvest the data of 50 million Facebook users across the world.
The investigation by the Observer and New York Times found Global Science Research (GSR), which is owned by Cambridge University academic Aleksandr Kogan, collected information on up to 50 million people through a personality-testing app.
Hundreds of thousands gave permission for their data to be collected for academic use by the app, but it also collected information about their Facebook friends without letting them know, reports found.
This is now estimated at 87 million, according to the Information Commissioner’s Office.
Cambridge Analytica used data from millions of Facebook accounts to help Donald Trump’s 2016 presidential election campaign.
Facebook broke the law by failing to safeguard people’s data and not being transparent about how that data could be harvested, Denham said.
She said: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.
“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law.”
In response, Erin Egan, Facebook’s chief privacy officer said: “As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015.
“We have been working closely with the Information Commissioner’s Office in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries.”