Facebook has received a ton of criticism for its role in the Cambridge Analytica data breach controversy that saw the personal information of tens of millions of users fall into the hands of a shady research firm. However, the company had yet to face any real punishment (besides a hit to its stock prices) — until this week. The UK government announced it will fine the social media giant over $600,000 for its part in the scandal.

While that’s the maximum amount that the agency can fine Facebook, it’s not nearly enough to make up for the data that was collected from roughly 87 million users.

“Facebook users will be rightly concerned that the company left their data far too vulnerable to being collected without their consent by developers working on behalf of companies like Cambridge Analytica,” Damian Collins, the UK politician in charge of an online disinformation committee, said in a statement. “The number of Facebook users affected by this kind of data scraping may be far greater than has currently been acknowledged.”

Of course, the sum of money in the fine means pretty much nothing to Facebook; it only equates to about seven minutes’-worth of the company’s revenue. But the fact that it’s facing any kind of punishment at all in its careless handling of user data is a resounding victory for user privacy.