WASHINGTON: US regulators on Wednesday slapped a record $5 billion fine on Facebook for privacy violations in a wide-ranging settlement that calls for revamping privacy controls and oversight at the social network.
The Federal Trade Commission said the penalty was the largest ever imposed on any company for violating consumers’ privacy and one of the largest penalties ever assessed by the US government for any violation.
However, two Democratic members of the five-member FTC dissented, arguing the agreement failed to go far enough to rein in Facebook business practices that endanger consumers.
As part of the agreement, Facebook will be required to create a privacy committee within its board of directors to be appointed by an independent nominating committee.
This would end “unfettered control” of decisions on privacy by Facebook’s chief executive Mark Zuckerberg, the FTC statement said.
FTC Chairman Joe Simons said the penalty was appropriate to address concerns over Facebook’s misuse of personal information.
“The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC,” Simons said in a statement after the agency voted 3-2 along party lines to approve the settlement.
“The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
Under the agreement, Facebook’s CEO and staff must submit to FTC quarterly certifications that the company is in compliance with the privacy program, along with an annual certification.
Facebook also will be required to conduct a privacy review of every new or modified product, service, or practice before it is implemented, including for its WhatsApp and Instagram services.
– Not far enough? –
Facebook’s top lawyer Colin Stretch said the agreement “will require a fundamental shift in the way we approach our work and it will place additional responsibility on people building our products at every level of the company,” but others said it didn’t go far enough.
FTC commissioner Rohit Chopra rejected the settlement, saying it “does little to change the business model or practices that led to the recidivism,” while the second dissenting commissioner, Rebecca Slaughter, said the government should have instead taken Facebook to court.
Marc Rotenberg of the Electronic Privacy Information Center said the FTC action was “too little, too late” and called for tougher privacy laws.
“American consumers cannot wait another decade for the commission to act against a company that violates their privacy rights,” Rotenberg said. “Congress should move quickly to establish a data protection agency.”
Charlotte Slaiman of the consumer group Public Knowledge also expressed concern that the settlement would do little to change Facebook’s business practices.
“Under this settlement, Facebook does not have to meaningfully change how it collects and uses your data,” Slaiman said.
The probe into Facebook comes as sentiments in Washington appear to be shifting against Silicon Valley firms.
This week, US antitrust enforcers said they would review major online platforms to determine if they have stifled competition, without signaling any specific action.
The FTC last year reopened its investigation of Facebook, which reached a 2011 settlement on handling private data, after further revelations that it mishandled personal information.
The move came after Facebook acknowledged data on tens of millions of users had been hijacked by Cambridge Analytica, a consultancy working on the 2016 Donald Trump campaign.
– Cambridge Analytica settlement –
In a separate agreement with stock market regulators, Facebook agreed to pay a $100 million penalty for making “misleading disclosures regarding the risk of misuse of Facebook user data” in the investigation on Cambridge Analytica.
“We allege that Facebook exacerbated its disclosure failures when it misled reporters who asked the company about its investigation into Cambridge Analytica,” said Erin Schneider, head of the regional enforcement division of the Securities and Exchange Commission.
The FTC announced a separate settlement on the Cambridge Analytica case that calls for its app developer Aleksandr Kogan and former Cambridge Analytica CEO Alexander Nix to delete or destroy any personal information they collected.
Cambridge Analytica itself has filed for bankruptcy and has not settled the FTC’s investigation.
The agreement comes as the social network, which has more than two billion users worldwide, shifts away from its role as a “digital town square” to focus on private connections and small groups, based on a new vision outlined by Zuckerberg.
Facebook is also seeking to launch its own digital currency called Libra, which has raised concerns among regulators.