The Federal Trade Commission (FTC) has officially penalized Facebook a groundbreaking $5 billion over privacy violations, the largest fine in FTC history.
According to a Wednesday press release from the FTC, the social network giant will also have to submit to new restrictions, as well as a modified corporate structure that will hold the company accountable for decisions made about users’ privacy.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons in the press release. “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”
Additionally, the order imposes further privacy requirements. These include greater oversight over third-party apps, prohibiting the use of telephone numbers to enable a security feature, providing clear and conspicuous notice of the use of facial recognition and user consent for this feature, the establishment of a data security program, prohibiting the company from asking for email passwords from new users to other services, and encryption of passwords.
These requirements also apply to current and future Facebook-owned companies, including Instagram and WhatsApp.
In a Facebook post, CEO Mark Zuckerberg spun the settlement as bringing “major structural changes” to the company.
“We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward,” Zuckerberg said in the post.
Zuckerberg later told employees that Facebook would “change the way that we operate across the whole company, from the leadership down and the ground up. We’re going to change how we build products. And if we don’t, then we’re going to be held accountable for it.”
Facebook also put out a press release on the settlement, spinning the settlement and changes to their policy as their choice, even though both were imposed on it by the FTC.
“The accountability required by this agreement surpasses current US law and we hope will be a model for the industry,” Facebook wrote in the statement.
This settlement is a result of violations Facebook made from a previous settlement with the FTC in 2012. Among these violations, the FTC alleges that Facebook shared user data with third-party app developers, misrepresented users’ ability to control the use of facial recognition and used deceptive practices when collecting users phone numbers for a security feature, which includes advertising purposes.
“For most Facebook users, their data privacy was not set by their own choices, but by the choices of their most click-happy friends,” said Gustav Eyler, Director of Civil Division Consumer Protection at the Department of Justice during a press conference at the FTC Wednesday morning.
Facebook will be required to designate compliance officers who will be responsible for the new privacy program. The social network will also have to implement an independent privacy committee of Facebook’s board of directors, which will be charged with creating greater accountability. These new compliance officers will create quarterly reports which will be shared with Zuckerberg and the FTC.
The FTC was divided on the settlement. The 3-2 vote went along party lines, with the pair of Democratic commissioners voting against it. One of them, Commissioner Rohit Chopra, tweeted that the agreement “sets a terrible precedent” because it doesn’t hold Zuckerberg, COO Sheryl Sandberg, or other top executives accountable for privacy violations.
2. Mark Zuckerberg, Sheryl Sandberg, and other executives get blanket immunity for their role in the violations. This is wrong and sets a terrible precedent. The law doesn’t give them a special exemption.
— Rohit Chopra (@chopracfpb) July 24, 2019
The settlement is almost 20 times greater than the world’s largest privacy/data security penalty to date. According to the press release, the second-highest penalty in privacy enforcement actions was issued in the case of the Consumer Financial Protection Bureau (CFPB) and States v. Equifax, which was $275 million.
That said, it’s a drop in the bucket for Facebook, which made $55 billion in revenue in 2018. The $5 billion fine is only 9% of that 2018 revenue. Facebook is also expected to release sky-high quarterly results on Wednesday. According to CNBC, Facebook stock has increased 54% this year.
Digital Trends reached out to Facebook for comment, but has yet to receive a response.