The US Federal Trade Commission has officially announced its $5 billion fine against Facebook, following a lengthy investigation into the Cambridge Analytica scandal and other data breaches. Here's how that settlement affects you.
- How to enable Facebook Messenger's dark mode (no moon emoji required)
- Finally! Facebook Messenger is adding a threaded quote reply feature
Why did the FTC settle with Facebook?
The FTC found Facebook violated the law by not protecting user data from third parties, serving adverts through the use of phone numbers provided for security, and telling users that its facial recognition software is turned off by default. Facebook will pay $5 billion to settle those charges. It's the second-largest fine ever served by the FTC. Facebook's settlement also includes new restrictions.
According to The Washington Post, the FTC voted to approve the $5 billion fine along party lines, with the Democratic minority members rejecting the settlement as insufficient. Lastly, alongside the multi-billion-dollar FTC fine, Facebook has been ordered to pay a $100 million penalty to the Securities and Exchange Commission for failing to disclose data breaches to its investors.
How does this all affect you?
Facebook's $5 billion fine does not directly impact you, per se. But Facebook will be required to abide by new restrictions, including that CEO Mark Zuckerberg will no longer have sole control over privacy matters at the company.
Here are the fundamental changes:
- Facebook’s board must create a new committee to monitor privacy practices
- Facebook must report to the FTC when data of 500 or more users is compromised
- Facebook's CEO and compliance officers must conduct privacy reviews every quarter
The most interesting change is that Facebook must now do a privacy review of every new product or service that it creates, and then these reviews must be submitted to the CEO and a third-party assessor every quarter. As part of this process, Facebook must obtain purpose and use certifications from apps and third-party developers who are collecting user data.
Facebook’s facial recognition software is also affected by the new rules, as the company will be required to get consent to create new facial recognition models. In a blog post, Facebook said the settlement would "require a fundamental shift in the way we approach our work, and it will place additional responsibility on people building our products at every level of the company".
Is this a win for Facebook?
Unfortunately, there are no limits as to what data access Facebook can authorise once developers disclose their practices every quarter. Commissioner Rohit Chopra, therefore, published a harsh dissent, questioning whether the settlement will have any consequential impact:
“The settlement’s $5 billion penalty makes for a good headline. But the terms and conditions, including blanket immunity for Facebook executives and no real restraints on Facebook’s business model, do not fix the core problems that led to these violations. . .
The settlement imposes no meaningful changes to the company’s structure or financial incentives, nor does it include any restrictions on the company’s mass surveillance or advertising tactics. Instead, the order allows Facebook to decide for itself how much information it can harvest from users and what it can do with that information, as long as it creates a paper trail. . .
When companies can violate the law, pay big penalties, and still turn a profit while keeping their business model intact, enforcement agencies cannot claim victory. . . If we cannot fix these problems, then policymakers must come together here at home and around the world to confront business models that rely on surveillance and profit from manipulation."
Another dissent from commissioner Rebecca Kelly Slaughter said the FTC should have initiated litigation against Facebook: “When executives at large companies exercise control over decisions, including decisions to break the law, they should be held accountable". Lastly, according to Bloomberg Law, Sen. Richard Blumenthal (D-CT) called Facebook's settlement and penalties a “pin-prick".
But the three supporting commissioners argued otherwise, saying the settlement imposes "a new corporate governance structure, with corporate and individual accountability and more rigorous compliance monitoring". They added, "This approach dramatically increases the likelihood that Facebook will be compliant. . . if there are any deviations, they likely will be detected and remedied quickly.”
So, what about the DOJ investigation?
If you feel like Facebook got off with a slap on the wrist, you may be happy to know the US Department of Justice has announced a new investigation into Facebook as part of an antitrust review exploring whether big tech companies stifle competition. Although Facebook was not explicitly named by the DOJ in its formal announcement, Facebook has already confirmed it is one of the subjects.
While reporting its second 0uarter financial results, Facebook said the FTC informed it of the investigation in June 2019.