The Federal Trade Commission (FTC) has just released a press release stating that Facebook has been fined a record US$5 billion by the agency. According to the FTC, the fine is the “largest ever imposed on any company for violating consumers’ privacy.”
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices. The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”
FTC Chairman Joe Simons
The fine is in response to Facebook misleading its users with regard to their ability to control the privacy of their personal information. The key component of the investigation dates back to a 2012 FTC order. Facebook violated the order by sharing users’ friends’ data with third-party app developers, regardless of those friends’ privacy settings.
Facebook announced in April 2014 that it would stop allowing third-party developers to collect data about the friends of app users (“affected friend data”). Despite this promise, the company separately told developers that they could collect this data until April 2015 if they already had an existing app on the platform. The FTC alleges that Facebook waited until at least June 2018 to stop sharing user information with third-party apps used by their Facebook friends.
FTC Press Release
In addition to the fine, Facebook must overhaul its privacy decision process. The 20-year settlement order not only creates greater accountability for the board of directors, but it also establishes an independent privacy committee. The committee members must be independent, will be appointed by an independent nominating committee, and can only be fired by a “supermajority” of board members.
Beyond that, new privacy requirements are being imposed on Facebook, including:
- Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
- Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
- Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
- Facebook must establish, implement, and maintain a comprehensive data security program;
- Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
- Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.
While $5 billion seems like a lot to you and me, it’s a drop in the bucket for Facebook. That being said, it is almost 20 times larger than the previous data security penalty, which was the $275 million levied against Equifax. It will be interesting to see what kind of change the fine, restrictions, and modified corporate structure will bring to the social media platform.
For full details on the fine and settlement requirements, hit up the link to the FTC press release below.
What do you think about the fact that the FTC levied a $5 billion fine against Facebook? What do you think about the additional restrictions the FTC is requesting? Let us know in the comments below or on Twitter, Facebook, or MeWe.
Source: FTC