TBILISI (BPI) - Governments around the world are figuring out how they want to punish Facebook for its privacy screw-ups.
Facebook is notching a record breaker. The Federal Trade Commission on Wednesday announced that Facebook agreed to pay a $5 billion fine over privacy violations and its failure to inform tens of millions of users about a data leak that happened years ago. The fine is the largest the US regulator has levied against a tech company.
The settlement will require Facebook CEO Mark Zuckerberg, as well as other designated compliance officers, to certify that the company is taking steps to protect user privacy. A false statement could potentially expose them to penalties. The order also removes some of Zuckerberg’s control over privacy decisions by creating an independent privacy committee of the company’s board of directors.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons in a release. “The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
The multibillion-dollar fine — which is in addition to a $100 million settlement with the US Securities and Exchange Commission — marks the first significant punishment Facebook has received for the storm of privacy and security scandals that have engulfed the company for more than a year. The issues, which range from the spread of fake news to improperly secured personal data, have prompted governments around the world to consider regulating social networks.
Facebook CEO Mark Zuckerberg said in a statement Wednesday that the social network would make “major structural changes” to how it builds products and conducts business.
“We have a responsibility to protect people’s privacy,” Zuckerberg wrote. “We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”
Though the US is just starting its efforts to rein in tech, the European Union and the UK are ramping up privacy protections for their citizens. The EU has begun enforcing the General Data Protection Regulation (GDPR), a sweeping law that requires companies to give people control over their data and to quickly inform them if data is mishandled. The UK, meanwhile, is considering new regulatory roles in government to safeguard internet users’ interests and punish companies that don’t. But none of them has yet taken on Facebook directly.
The settlement follows months of negotiations after the FTC claimed Facebook had violated a 2011 agreement to protect user privacy after breaking promises to users that it would do so. In April, Facebook telegraphed that a deal was in the works by telling investors it was prepared to pay as much as $5 billion related to the FTC investigation. That’s significantly higher than the previous record, set when Google paid $22.5 million in a 2012 FTC settlement over tracking users.
At one point in negotiations with Facebook, the FTC considered a higher fine, according to reporting from the Washington Post. There was also debate about whether to make Zuckerberg personally accountable for the company’s privacy screwups.
In response to the FTC settlement, Facebook on Wednesday said it’s made large strides on privacy but more changes are in store.
The settlement also imposes other privacy requirements, including greater oversight over third-party apps and “clear and conspicuous notice” of its use of facial recognition. Facebook must also encrypt user passwords and regularly check for any passwords stored in plain text. In addition, the order prohibits the social network from using phone numbers it obtained to enable two-factor authentication for advertising and from “asking for email passwords to other services when consumers sign up for its services.”
The US Department of Justice, which worked with the FTC, said it’s committed to making sure Facebook and other social media companies don’t mislead consumers about their personal information.
“This settlement’s historic penalty and compliance terms will benefit American consumers, and the Department expects Facebook to treat its privacy obligations with the utmost seriousness,” said Jody Hunt, assistant attorney general for the DOJ’s Civil Division, in a release.
The FTC fine stems from Facebook’s inability to control the data of as many as 87 million of its users. That info ended up in the hands of Cambridge Analytica, a political consultancy. The organization has been accused of using data gleaned from Facebook users to influence political campaigns, including the Brexit vote and the 2016 presidential campaign that led to the election of Donald Trump.
Also on Wednesday, the Securities and Exchange Commission announced it’ll fine Facebook $100 million as part of a settlement tied to a probe into the social network’s handling of users’ data. The investor protection agency alleged that Facebook’s public disclosures didn’t offer sufficient warning that developers and other third parties may, in obtaining user data, have violated the social network’s policies or failed to gain user permission.