The USA's Federal Trade Commission (FTC) has announced that Facebook has agreed to pay a $5 billion fine relating to its user privacy violations in the past. Facebook has also agreed to implementing several measures to improve how it handles users' data and privacy.

The fine, which is the largest ever to be imposed on a company for violating users' privacy, is the result of The FTC charges against Facebook in 2012 regarding how it deceived users about their ability to control the privacy of their personal information.

“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices. The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law,” said Joe Simons, Chairperson of the FTC.

The great Facebook hack

The FTC held a press conference to confirm the $5 billion Facebook fine on the same day that Netflix released the documentary, The Great Hack, which tells the story of the Facebook and Cambridge Analytica privacy scandal and how it influenced Brexit, the 2016 USA elections and many other events around the world. The documentary interviews many of the ex-Cambridge Analytica staff to give viewers an understanding of how the data analytics company worked and operated.

In a related, but separate development, the FTC also announced today separate law enforcement actions against data analytics company Cambridge Analytica, its former Chief Executive Officer Alexander Nix, and Aleksandr Kogan, an app developer who worked with the company. They are alleged to have used "false and deceptive tactics to harvest personal information from millions of Facebook users."

Kogan and Nix have agreed to a settlement for an undisclosed amount with the FTC. Part of the settlement includes restrictions on how Nix and Kogan will conduct any future business.

Privacy requirements

As part of the settlement with Facebook, the FTC also announced several privacy requirements it expects Facebook to abide by. These new requirements cover all Facebook platforms including Instagram and WhatsApp.

"Facebook must conduct a privacy review of every new or modified product, service, or practice before it is implemented, and document its decisions about user privacy. The designated compliance officers must generate a quarterly privacy review report, which they must share with the CEO and the independent assessor, as well as with the FTC upon request by the agency. The order also requires Facebook to document incidents when data of 500 or more users has been compromised and its efforts to address such an incident, and deliver this documentation to the Commission and the assessor within 30 days of the company’s discovery of the incident."

Added to that, the Mark Zuckerberg founded company must also:

  • Exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
  • Stop from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
  • Provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
  • Establish, implement, and maintain a comprehensive data security program;
  • Encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
  • Stop from asking for email passwords to other services when consumers sign up for its services.

Given the list of other requirements from the FTC it would appear they took into consideration all the privacy violations by Facebook and its subsidiary platforms. It however remains to be seen how and whether Facebook will be able to implement such measures over the medium and long term and remain profitable and growing.

Share this via: