Facebook is notching a record breaker. The Federal Trade Commission on Wednesday announced that Facebook agreed to pay a $5 billion fine over privacy violations and its failure to inform tens of millions of users about a data leak that happened years ago. The fine is the largest the US regulator has levied against a tech company.
The settlement will require Facebook’s CEO Mark Zuckerberg, as well as other designated compliance officers, to certify that the company is taking steps to protect user privacy. A false statement could potentially expose them to penalties. The order also removes some of Zuckerberg’s control over privacy decisions by creating an independent privacy committee of the company’s board of directors.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons in a release. “The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
The multibillion-dollar fine marks the first significant punishment Facebook has received for the storm of privacy and security scandals that have engulfed the company for more than a year. The issues, which range from the spread of fake news to improperly secured personal data, have prompted governments around the world to consider regulating social networks.
Facebook CEO Mark Zuckerberg said in a statement Wednesday that the social network would make “major structural changes” to how it builds products and conducts business.
“We have a responsibility to protect people’s privacy,” Zuckerberg wrote. “We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”
The FTC settlement could mark a turning point in how governments treat social networks like Facebook, Twitter, Instagram and YouTube for bad behavior. Over the years, harassers, trolls and propagandists have taken advantage of the sites, which often don’t strictly enforce their own rules. That’s created increasingly toxic environments in which personal attacks, hatred and fake news spread. It’s also allowed the sites to be exploited by governments, such as Russia’s illegal influence in the 2016 US presidential election.
Though the US is just starting its efforts to rein in tech, the European Union and the UK are ramping up privacy protections for their citizens. The EU has begun enforcing the General Data Protection Regulation (GDPR), a sweeping law that requires companies to give people control over their data and to quickly inform them if data is mishandled. The UK, meanwhile, is considering new regulatory roles in government to safeguard internet users’ interests and punish companies that don’t. But none of them have yet taken on Facebook directly.
The settlement follows months of negotiations after the FTC claimed Facebook had violated a 2011 agreement Facebook telegraphed that a deal was in the works by telling investors it was prepared to pay as much as $5 billion related to the FTC investigation. That’s significantly higher than the previous record holder, Google, which paid $22.5 million in a 2012 FTC settlement .after breaking promises to users that it would do so. In its earnings last week,
At one point in negotiations, the FTC considered a higher fine, according to reporting from the Washington Post. There was also debate about whether to make Zuckerberg personally accountable for the company’s privacy screw ups.
“If the FTC is seen as traffic police handing out speeding tickets to companies profiting off breaking the law, then Facebook and others will continue to push the boundaries,” wrote Democratic Sen. Richard Blumenthal of Connecticut and Sen. Josh Hawley, a Missouri Republican, in a May letter to the FTC.
In response to the FTC settlement, Facebook on Wednesday said it’s made large strides on privacy but more changes are in store.
“We will be more robust in ensuring that we identify, assess and mitigate privacy risk,” wrote Facebook’s Colin Stretch in a blog post. “We will adopt new approaches to more thoroughly document the decisions we make and monitor their impact. And we will introduce more technical controls to better automate privacy safeguards.”
The FTC fine stems from Facebook’s inability to control the data of as many as 87 million of its users. That info ended up in the hands of Cambridge Analytica, a political consultancy. The organization has been accused of using data gleaned from Facebook users to influence political campaigns, including the Brexit vote and the 2016 presidential campaign that led to the election of Donald Trump.
Originally published July 24 at 5:45 a.m. PT.
Update at 6:24 a.m. PT: Adds statement by Mark Zuckerberg.