Facebook is paying a record-breaking $5 billion penalty — and agreeing to major overhauls.
Federal Trade Commission Chairman Joe Simons, whose agency imposed the record-breaking fine on Wednesday for data breaches in the run-up to the 2016 presidential election, called it “an historic victory for American consumers.”
Last year, Facebook announced that U.K.-based Cambridge Analytica improperly accessed 87 million Facebook users’ data. Facebook chief executive Mark Zuckerberg testified before Congress and vowed to do more to fix the problem, and help make sure that nothing like that happens again. Cambridge Analytica closed down in the wake of the scandal.
Facebook insisted the app broke the social-media site’s terms. But when the scandal broke, Facebook was already under a 2012 consent order with the FTC for misrepresenting how much data third-party applications were sharing. The FTC alleged the scandal showed Facebook was breaking the rules of the 2012 order and engaging in new deceptive practices.
Zuckerberg will have to vouch that the company is following the FTC’s terms, and he could be personally liable for civil, and even criminal, penalties if there are any false certifications in the future, Simons said.
“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry,” Zuckerberg wrote on Wednesday. He has also pledged “major structural changes.”
“The FTC’s action is too little, too late,” Marc Rotenberg, president of the Electronic Privacy Information Center, said in a statement Wednesday. “American consumers cannot wait another decade for the commission to act against a company that violates their privacy rights. Congress should move quickly to establish a data protection agency.”
A ‘privacy committee’ will be incorporated into Facebook’s board
The settlement establishes an independently-appointed privacy committee to be incorporated into Facebook’s board, and the committee will focus on the company’s data-protection efforts and risks. The committee will work with an independent assessor and have compliance officers who can be fired only by the committee.
Chris Hughes, Facebook’s co-founder, wrote in May that Zuckerberg, by himself, can decide how to set Facebook’s algorithms which “determine what people see in their News Feeds, what privacy settings they can use and even which messages get delivered.”
Facebook also has to carry out “privacy reviews” for every new or amended product, service and practice before it goes live.
Speedy reporting requirements when user data is at risk of misuse
If user data is compromised, for instance in a cyber attack, Facebook will need to quickly flag the incident to the FTC and the third-party assessor.
The settlement terms say when the data of at least 500 users is compromised, the company has 30 days from the time of discovery to tell the FTC and the assessor about the incident and remediation steps. If the problem persists, Facebook needs to keep the agency and assessor up to date until there’s a solution.
Facebook must give ‘clear and conspicuous’ notice of facial recognition
One way Facebook violated its 2012 order was “implying” to some 60 million users they could choose to activate facial-recognition technology when posting videos and photos, the FTC said. But the technology was already turned on by default for those users, the agency said.
Facebook now has to give “clear and conspicuous notice of its use of facial recognition technology.” It must also be worded so it’s “easily understandable by ordinary consumers,” according to the settlement.
The site also needs to get the user’s consent before it uses the facial recognition data in any way that could exceed what users have already agreed to in their privacy settings.
This is the first FTC order to address the use of biometric information, according to Simons.
Government supervision will last a long time
Facebook has to abide by the settlement’s terms and conditions for 20 years. For perspective, the company was founded 15 years ago, in 2004.
Furthermore, the agreement doesn’t just apply to Facebook and how users interact with the site. The same set of 20-year reporting and compliance standards also applies to Instagram and WhatsApp, the image sharing and messaging platforms that Facebook owns.
Every quarter, Facebook has to vouch to the FTC that it’s in compliance with the deal’s terms.
America’s privacy laws pale in comparison to a number of other countries
Zuckerberg wrote “these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.”
But America is the only highly industrialized country without a government agency dedicated to its citizens’ data protection, EPIC notes.
Facebook shares are up 53% year to date. The Dow Jones Industrial Average is up almost 17% and the S&P 500 is up 20% over the same period.