The ICO statement on 24th March 2018.
I assume this is not the first-time such a civil & criminal investigation by the ICO.
The ICO’s investigation on the DeepMind-NHS saga (not a scandal?) revealed this:
However, an investigation by the ICO discovered several shortcomings in how the data was handled, including that patients were not adequately informed that their data would be used as part of the test. (Extracted from ‘review-agrees-that-deepmind-nhs-deal-lacked-clarity’)
Based on the reported news the Facebook-Cambridge Analytica (CA) scandal (Top EU privacy watchdog calls Facebook data allegations the ‘scandal of the century) and the DeepMind-NHS saga did not involve a breach of technical security and/or organisational security measures (excluding privacy policies and app/SLA-type driven contractual agreements).
What data protection and privacy principles have been violated/breached?
Would ethics be a yardstick in the final determination of the Facebook-CA scandal?