Facebook has been issued its first fine since the Cambridge Analytica scandal, the maximum penalty from the UK's data protection watchdog at £500,000.
The Information Commissioner's Office (ICO) said Facebook has failed to ensure Cambridge Analytica had deleted users' data and will also bring criminal action against the "data broker's" now defunct parent company, SCL Elections.
Sixteen months after it began its probe into political campaigners' use of personal data on Facebook, the ICO has said it will fine the social media platform £500,000 - the maximum amount allowable - for data breaches.
The ICO also raised concerns about political parties buying personal information from from firms such as Cambridge Analytica, which came under fire last year following whistleblower Christopher Wylie announcing the company had made unauthorised use of personal data from millions of Facebook users.
The watchdog found that Facebook had breached its own rules and failed to make sure that Cambridge Analytica had deleted this personal data.
While Cambridge Analytica insisted it had wiped the data in December 2015, the ICO said it had seen evidence that copies of the data had been shared with others.
An ICO spokesperson said: "This potentially brings into question the accuracy of the deletion certificates provided to Facebook."
Facebook, which has 28 days to contest the fine, said it had been working with UK authorities and acknowledged that it should have acted earlier in the Cambridge Analytica case, according to the FT.
News of the breaches came to light in March, prompting Facebook shares to fall 7% in one trading session. It was claimed the data was used to swing the US Presidential Elections, which saw Donald Trump win in 2016.
UK recovery mandate marking 10 years
Concerns rally is overextended
Female millennials invested 40% more year-to-date
Will compare with May 2017 results
Jane Ambachtsheer joins as global head of sustainability