Facebook has been hit with the largest fine ever instituted against a tech company for privacy or anti-trust breaches. The Federal Trade Commission (FTC) has announced a $5 billion settlement with Facebook following a year-long investigation into the Cambridge Analytica scandal and other privacy breaches.
In the agreement, as revealed by The Verge, the FTC alleges that Facebook violated the law by failing to protect data from third parties, serving ads through the use of phone numbers provided for security, and lying to users that its facial recognition software was turned off by default. In order to settle those charges, Facebook will have to pay $5 billion and agree to a series of new restrictions on its business, as the FTC revealed in a new statement:
The Order imposes a privacy regime that includes a new corporate governance structure, with corporate and individual accountability and more rigorous compliance monitoring. This approach dramatically increases the likelihood that Facebook will be compliant with the Order; if there are any deviations, they likely will be detected and remedied quickly.
Aside from the multibillion-dollar fine, Facebook is also required to conduct a privacy review of every new product or service that it develops, which must be submitted to the CEO and a third-party assessor every quarter. Facebook will also now be required to obtain purpose and use certifications from apps and third-party developers that want to use Facebook user data. However, there are no limits on what data access the company can authorize to those groups once the disclosure is made. Facebook will be required to now obtain consent to create new facial recognition models, although it will not be required to destroy old models that may have been created without such consent.
Together with the agreement, Facebook will also pay $100 million to the Securities and Exchange Commission for failing to disclose the breach to investors.
Facebook has also provided an official response to the news in a blog post:
The agreement will require a fundamental shift in the way we approach our work and it will place additional responsibility on people building our products at every level of the company. It will mark a sharper turn toward privacy, on a different scale than anything we’ve done in the past.
This fine is no doubt a massive financial blow to the company though one which the company could probably weather. It will be interesting to see if it does change the company for the positive or if it will continue to find ways to circumvent customer privacy in the quest to find more revenue and profit in a competitive market space.
Last Updated: July 25, 2019