Doobie Doo
Veteran
Facebook just got clobbered with a record $5 billion penalty over the Cambridge Analytica data breach
Isobel Asher Hamilton
1h
Facebook CEO Mark Zuckerberg.
AP
The Federal Trade Commission announced today that it has slapped Facebook with a $5 billion penalty over its handling of user data, which came to light after the Cambridge Analytica scandal.
The settlement is the result of Facebook violating a 2012 agreement with the FTC, in which it promised not to hand over user data to third parties without consent.
It represents the biggest penalty the FTC has handed down to a technology company, with the regulator calling it "unprecedented."
July 24, 2019 " data-e2e-name="embed-container" data-media-container="embed" style="box-sizing: border-box; margin-top: 20px; margin-bottom: 20px;">
FTC
✔@FTC
https://twitter.com/FTC/status/1154008896446586881
Facebook assessed $5 billion penalty, subjected to sweeping new restrictions on user privacy decisions to settle FTC charges the company violated a 2012 FTC order by deceiving users about their ability to control privacy of their personal info. Read more: https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions …
71
8:42 AM - Jul 24, 2019
Twitter Ads info and privacy
121 people are talking about this
"The $5 billion penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide," the FTC said in a press statement.
Facebook must make sweeping changes to its privacy standards
As well as a penalty, a wider settlement requires Facebook to make sweeping changes to its privacy practices and submit itself to more independent scrutiny than ever before.
Facebook will be required to restructure its board of directors, mandating an independent privacy committee. The FTC said this committee will remove CEO Mark Zuckerberg's "unfettered control" over user privacy, and will be responsible for appointing "compliance officers" to Facebook's privacy programme. These officers will be held accountable for the firm's privacy standards.
Members of the new committee must be appointed by an "independent nominating committee," and can only be fired by a "supermajority" of Facebook's board of directors.
Ime Archibong.
Getty
Facebook's VP of Product Partnerships Ime Archibong wrote in a blog post that the restructuring will mean a "fundamental shift in the way we work."
"Under the new framework required by the FTC, we'll be accountable and transparent about fixing old products that don't work the way they should and building new products to a higher standard," wrote Archibong.
The FTC also included a list of six new privacy requirements it's imposing on Facebook. These include:
"Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we'll have to document any risks and the steps we're taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward," said Zuckerberg.
Read more: Facebook gets slammed by new lawsuit from DOJ accusing it of failing to protect your privacy
Facebook said it was expecting the fine in its first-quarter earnings report last month, saying that it had set aside $3 billion to $5 billion in anticipation. The company is due to give its second-quarter earnings report later on Wednesday.
Although the FTC fine has been long-anticipated, it has landed amid a flurry of regulatory activity. Less than an hour after the FTC announced the penalty, the Securities and Exchange Commission fined Facebook $100 million for "misleading investors" in the wake of Cambridge Analytica. The day before both penalties landed, theDepartment of Justice announced a sweeping antitrust probe into the big tech giants.
Two members of the FTC, Rohit Chopra and Rebecca Kelly Slaughter, felt the penalty was not harsh enough. "While it is difficult in this case to quantify the economic value of the violations to the company, there is good reason to believe $5 billion is a substantial undervaluation," Slaughter wrote in a statement to CNBC.
DOJ sues Facebook for misleading users
Separately, the FTC said the Department of Justice is suing Facebook for "repeatedly using deceptive disclosures and settings to undermine users' privacy" following a year-long investigation. The lawsuit alleges that Facebook broke its 2012 privacy pact with the FTC after it:
Alexander Nix.
Reuters
The FTC simultaneously announced it is suing the now-defunct Cambridge Analytica, and has reached settlements with disgraced former CEO Alexander Nix and app developer Aleksandr Kogan, whose "This Is Your Digital Life" app scraped the user data then used by Cambridge Analytica.
The pair have "agreed to administrative orders restricting how they conduct any business in the future, and requiring them to delete or destroy any personal information they collected," according to the FTC.
SEE ALSO: 'Shame on Mark Zuckerberg': Facebook enraged lawmakers again after evading questions about its year from hell
Facebook just got clobbered with a record $5 billion penalty over the Cambridge Analytica data breach
Isobel Asher Hamilton
1h
Facebook CEO Mark Zuckerberg.
AP
- The Federal Trade Commission just slammed Facebook with a record $5 billion penalty over its handling of user data following the giant Cambridge Analytica breach last year.
- The FTC settlement also requires Facebook to make sweeping changes to its privacy practices and submit itself to more independent scrutiny than ever before.
- Facebook must establish a board-level independent privacy committee and designate "compliance officers," who will be held accountable for the firm's privacy standards.
- Separately, the Department of Justice is suing Facebook for "repeatedly using deceptive disclosures and settings to undermine users' privacy."
- Visit Business Insider's homepage for more stories.
The Federal Trade Commission announced today that it has slapped Facebook with a $5 billion penalty over its handling of user data, which came to light after the Cambridge Analytica scandal.
The settlement is the result of Facebook violating a 2012 agreement with the FTC, in which it promised not to hand over user data to third parties without consent.
It represents the biggest penalty the FTC has handed down to a technology company, with the regulator calling it "unprecedented."
July 24, 2019 " data-e2e-name="embed-container" data-media-container="embed" style="box-sizing: border-box; margin-top: 20px; margin-bottom: 20px;">
FTC
✔@FTC
https://twitter.com/FTC/status/1154008896446586881
Facebook assessed $5 billion penalty, subjected to sweeping new restrictions on user privacy decisions to settle FTC charges the company violated a 2012 FTC order by deceiving users about their ability to control privacy of their personal info. Read more: https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions …
71
8:42 AM - Jul 24, 2019
Twitter Ads info and privacy
121 people are talking about this
"The $5 billion penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide," the FTC said in a press statement.
Facebook must make sweeping changes to its privacy standards
As well as a penalty, a wider settlement requires Facebook to make sweeping changes to its privacy practices and submit itself to more independent scrutiny than ever before.
Facebook will be required to restructure its board of directors, mandating an independent privacy committee. The FTC said this committee will remove CEO Mark Zuckerberg's "unfettered control" over user privacy, and will be responsible for appointing "compliance officers" to Facebook's privacy programme. These officers will be held accountable for the firm's privacy standards.
Members of the new committee must be appointed by an "independent nominating committee," and can only be fired by a "supermajority" of Facebook's board of directors.
Ime Archibong.
Getty
Facebook's VP of Product Partnerships Ime Archibong wrote in a blog post that the restructuring will mean a "fundamental shift in the way we work."
"Under the new framework required by the FTC, we'll be accountable and transparent about fixing old products that don't work the way they should and building new products to a higher standard," wrote Archibong.
The FTC also included a list of six new privacy requirements it's imposing on Facebook. These include:
- Increased oversight of third-party apps.
- A ban on taking users' phone numbers security purposes and then using them for advertising (which it admitted to doing last year).
- Clearly alerting users and getting affirmative consent before using facial recognition.
- Establishing and maintaining a new and comprehensive data security program.
- Encrypting user passwords and regularly scanning to see if any passwords are being kept in vulnerable, plain-text format ( as was discovered in March of this year).
- A ban on asking for email passwords to other services when users sign up to Facebook.
"Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we'll have to document any risks and the steps we're taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward," said Zuckerberg.
Read more: Facebook gets slammed by new lawsuit from DOJ accusing it of failing to protect your privacy
Facebook said it was expecting the fine in its first-quarter earnings report last month, saying that it had set aside $3 billion to $5 billion in anticipation. The company is due to give its second-quarter earnings report later on Wednesday.
Although the FTC fine has been long-anticipated, it has landed amid a flurry of regulatory activity. Less than an hour after the FTC announced the penalty, the Securities and Exchange Commission fined Facebook $100 million for "misleading investors" in the wake of Cambridge Analytica. The day before both penalties landed, theDepartment of Justice announced a sweeping antitrust probe into the big tech giants.
Two members of the FTC, Rohit Chopra and Rebecca Kelly Slaughter, felt the penalty was not harsh enough. "While it is difficult in this case to quantify the economic value of the violations to the company, there is good reason to believe $5 billion is a substantial undervaluation," Slaughter wrote in a statement to CNBC.
DOJ sues Facebook for misleading users
Separately, the FTC said the Department of Justice is suing Facebook for "repeatedly using deceptive disclosures and settings to undermine users' privacy" following a year-long investigation. The lawsuit alleges that Facebook broke its 2012 privacy pact with the FTC after it:
- Failed to properly screen third-party apps before granting them access to treasure troves of user data.
- "Misrepresented" users' ability to control the use of facial recognition technology.
- Collected cell phone numbers for security purposes, but did not tell users that it would use the information to target advertising.
Alexander Nix.
Reuters
The FTC simultaneously announced it is suing the now-defunct Cambridge Analytica, and has reached settlements with disgraced former CEO Alexander Nix and app developer Aleksandr Kogan, whose "This Is Your Digital Life" app scraped the user data then used by Cambridge Analytica.
The pair have "agreed to administrative orders restricting how they conduct any business in the future, and requiring them to delete or destroy any personal information they collected," according to the FTC.
SEE ALSO: 'Shame on Mark Zuckerberg': Facebook enraged lawmakers again after evading questions about its year from hell
Facebook just got clobbered with a record $5 billion penalty over the Cambridge Analytica data breach
