Facebook could be forced to pay a £500,000 fine for its role in a recent data breach scandal involving Cambridge Analytica, the UK’s Information Commissioner’s Office (ICO) announced.

The ICO, a government data protection body, said in a statement it launched an investigation in May 2017 looking at political parties, data analytic companies and major social media platforms. It said it intends to fine Facebook £500,000, the maximum it was able to impose, for two breaches of the Data Protection Act 1998.

Information Commissioner Elizabeth Denham said Facebook, along with UK-based data mining company Cambridge Analytica, had been a focus of the investigation earlier this year when it emerged the personal data of around 87 million Facebook users had been compromised.

“The ICO’s investigation concluded that Facebook contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others,” the ICO stated.

Facebook reportedly said it will respond to the allegations soon.

In addition to the fine levied against Facebook, the ICO said it will also begin legal proceedings against Cambridge Analytica’s parent company SCL Elections. It has also sent out letters to 11 political parties and notices “compelling them to agree to audits of their data protection practices”.

Speaking to the UK’s BBC News, Kyle Taylor, director of campaigning group Fair Vote UK, noted the ICO was only able to impose a maximum £500,000 fine because they followed old data protections laws.

“Under new General Data Protection Regulation laws, the ICO could fine Facebook £479 million,” he said.

Denham suggested a large penalty was not the major goal of the investigation: “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system”.