Facebook is notching a record breaker. The Federal Trade Commission on Wednesday revealed that Facebook consented to pay a $5 billion fine over personal privacy offenses and its failure to notify 10s of countless users about an information leakage that occurred years back. The fine is the biggest the United States regulator has actually imposed versus a tech business.
The settlement will need Facebook CEO Mark Zuckerberg, along with other designated compliance officers, to accredit that the business is taking actions to safeguard user personal privacy. An incorrect declaration might possibly expose them to charges. The order likewise gets rid of a few of Zuckerberg’s control over personal privacy choices by developing an independent personal privacy committee of the business’s board of directors.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” stated FTC Chairman Joe Simons in a release. “The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
The multibillion-dollar fine — which remains in addition to a— marks the very first substantial penalty Facebook has actually gotten for the storm of personal privacy and security scandals that have actually swallowed up the business for more than a year. The concerns, which vary from the spread of phony news to incorrectly protected individual information, have actually triggered federal governments all over the world to think about controling socials media.
Facebook CEO Mark Zuckerberg stated in a declaration Wednesday that the social media would make “major structural changes” to how it develops items and performs service.
“We have a responsibility to protect people’s privacy,” Zuckerberg composed. “We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”
The FTC settlement could mark a turning point in how governments treat social networks like Facebook, Twitter, Instagram and YouTube for bad behavior. Over the years, harassers, trolls and propagandists have taken advantage of the sites, which often don’t strictly enforce their own rules. That’s created increasingly toxic environments in which personal attacks, hatred and fake news spread. It’s also allowed the sites to be exploited by governments, such as Russia’s illegal influence in the 2016 US presidential election.
Though the US is just starting its efforts to rein in tech, the European Union and the UK are ramping up privacy protections for their citizens. The EU has begun enforcing the General Data Protection Regulation (GDPR), a sweeping law that requires companies to give people control over their data and to quickly inform them if data is mishandled. The UK, meanwhile, is considering new regulatory roles in government to safeguard internet users’ interests and punish companies that don’t. But none of them has yet taken on Facebook directly.
The settlement follows months of negotiations after the FTC claimed Facebook had violated a 2011 agreementafter breaking promises to users that it would do so. In April, Facebook telegraphed that a deal was in the works by telling investors it was prepared to pay as much as $5 billion related to the FTC investigation. That’s significantly higher than the previous record, set when Google paid $22.5 million in a 2012 FTC settlement .
At one point in negotiations with Facebook, the FTC considered a higher fine, according to reporting from the Washington Post. There was also debate about whether to make Zuckerberg personally accountable for the company’s privacy screwups.
“If the FTC is seen as traffic police handing out speeding tickets to companies profiting off breaking the law, then Facebook and others will continue to push the boundaries,” wrote Democratic Sen. Richard Blumenthal of Connecticut and Sen. Josh Hawley, a Missouri Republican, in a May letter to the FTC.
In response to the FTC settlement, Facebook on Wednesday said it’s made large strides on privacy but more changes are in store.
“We will be more robust in ensuring that we identify, assess and mitigate privacy risk,” wrote Facebook’s Colin Stretch in a blog post. “We will adopt new approaches to more thoroughly document the decisions we make and monitor their impact. And we will introduce more technical controls to better automate privacy safeguards.”
The settlement also imposes other privacy requirements, including greater oversight over third-party apps and “clear and conspicuous notice” of its use of facial recognition. Facebook must also encrypt user passwords and regularly check for any passwords stored in plain text. In addition, the order prohibits the social network from using phone numbers it obtained to enable two-factor authentication for advertising and from “asking for email passwords to other services when consumers sign up for its services.”
The US Department of Justice, which worked with the FTC, said it’s committed to making sure Facebook and other social media companies don’t mislead consumers about their personal information.
“This settlement’s historic penalty and compliance terms will benefit American consumers, and the Department expects Facebook to treat its privacy obligations with the utmost seriousness,” said Jody Hunt, assistant attorney general for the DOJ’s Civil Division, in a release.
The FTC fine stems from Facebook’s inability to control the data of as many as 87 million of its users. That info ended up in the hands of Cambridge Analytica, a political consultancy. The organization has been accused of using data gleaned from Facebook users to influence political campaigns, including the Brexit vote and the 2016 presidential campaign that led to the election of Donald Trump.
Also on Wednesday, the Securities and Exchange Commission announced it’ll fine Facebook $100 million as part of a settlement tied to a probe into the social network’s handling of users’ data. The investor protection agency alleged that Facebook’s public disclosures didn’t offer sufficient warning that developers and other third parties may, in obtaining user data, have violated the social network’s policies or failed to gain user permission.
Originally published July 24 at 5:45 a.m. PT.
Update at 6:24 a.m. PT: Adds statement by Mark Zuckerberg. 7:09 a.m. PT: Adds more details on the settlement and the statement by Jody Hunt.
Watch our video on how to delete or disable your Facebook account: We walk you step-by-step on saving your data and removing your account.