The US Federal Trade Commission (FTC) has hit social networking giant Facebook with a record £4 billion fine for its violation of a 2012 order regarding how it presented privacy settings to its users, warning that the company will face 'sweeping new privacy restrictions' as a result - but critics claim it hasn't gone far enough.
The US Federal Trade Commission (FTC) opened an investigation into Facebook following the Cambridge Analytica scandal, believing that the company's actions broke a 2011/2012 order it had imposed on the company with regard to how it handles users' private information and how much control it gives said users over said information. Earlier this month sources claimed the FTC was to issue a record-breaking £4 billion fine against the company for its actions - and now the FTC has confirmed it is doing exactly that.
'Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers' choices,' explains FTC chair Joe Simons of the fine. 'The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook's entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.
'The Department of Justice is committed to protecting consumer data privacy and ensuring that social media companies like Facebook do not mislead individuals about the use of their personal information,' adds Assistant Attorney General Jody Hunt for the Department of Justice's Civil Division, which assisted in the investigation. 'This settlement's historic penalty and compliance terms will benefit American consumers, and the Department expects Facebook to treat its privacy obligations with the utmost seriousness.'
As well as the cash fine, Facebook is to be held to what is described as 'the New Facebook Privacy Compliance System,' an order which require the formation of a independent privacy committee outside the direct control of Facebook founder Mark Zuckerberg, adds designated compliance officers who can only be approved and removed by the committee, and who will independently submit quarterly certifications for the FTC's analysis. Facebook will also face additional external oversight from a third-party assessor, while the company itself will be required to conduct a full privacy review of every new or modified product or service it plans to launch.
Finally, the order includes the requirement that Facebook exercises greater oversight over how third-party apps, like that abused by Cambridge Analytica, handle Facebook user data; that it must stop using telephone numbers gathered for two-factor authentication (2FA) for any other purpose; that it must provide clear and conspicuous notice of its use of facial recognition technology and express consent for any use which exceeds said notice; that it must establish, implement, and maintain a comprehensive data security programme, including a means of preventing the recent gaffe that saw numerous passwords stored in plain text format; and that it must never ask its users for their passwords to external email services as part of its sign-up flow.
The fine and subsequent requirements are a major record for the FTC, but critics claim they don't go far enough. Business Insider points out that none of the money will go to compensate Facebook users, but instead will enter the US Treasury coffers; Bloomberg adds that there is little in the FTC's requirements that would mean changes to Facebook's advertising business from which the overwhelming majority of its funds are generated. Facebook itself, meanwhile, has pledged to do more to control third-party data access, including admitting that partners Sony and Microsoft retained access to Facebook data even when the programme under which they had been initially granted said access had been shut down.
'Under the new framework required by the FTC, we’ll be accountable and transparent about fixing old products that don’t work the way they should and building new products to a higher standard,' claims Facebook's vice president of product partnerships Ime Archibong. 'This means we will inevitably find more examples of where our products can be improved — where data access can be restricted — and we'll work swiftly to address issues when they surface.'
October 2 2019 | 17:10