FTC said the company violated a 2012 Commission’s order by deceiving users about their ability to control the privacy of their personal information.
In the future, Facebook will have to pay more attention to personal data security. Under the settlement the company is barred from asking people for their email passwords to other services when they sign up, as well as from using telephone numbers for advertising if they are obtained in a security feature like two-factor authentication.
The company will also have to obtain user consent prior to utilizing the facial recognition function.
At the same time, but in a separate case, Facebook agreed to pay another $100 million to settle charges by the Securities and Exchange Commission (SEC).
The SEC, as it said in a statement, also accused Facebook “for making misleading disclosures regarding the risk of misuse of Facebook user data.”
“For more than two years, Facebook’s public disclosures presented the risk of misuse of user data as merely hypothetical when Facebook knew that a third-party developer had actually misused Facebook user data,” the SEC said.
The Commission’s complaint referred to the case of the now-defunct advertising and data analytics company, Cambridge Analytica, which paid an academic researcher, through a company he controlled, to collect and transfer data from Facebook in order to create personality scores for approximately 30 million Americans.
But beyond the personality scores, according to the statement, the researcher, in violation of Facebook’s policies, also transferred to Cambridge Analytica the underlying Facebook user data, including names, genders, locations, birthdays, and “page likes,” which Cambridge Analytica then used for its political advertising activities.Â
The consultancy’s clients, according to media, included President Donald Trump’s 2016 election campaign.
The FTC’s vote on the Facebook case was split along party lines, as the three Republicans voted for the record-high deal, calling the settlement “a complete home run,” while both Democratic commissioners voted against the decision, saying the deal “did not go far enough or require a large enough fine.”
According to Republican FTC Chairman Joe Simons, the $5 billion penalty “serves as an important deterrent to future order violations, by Facebook and others.”
The fine, as he told a press conference, is approximately 9 percent of Facebook’s 2018 revenue or 23 percent of its 2018 profit.Â
Democratic FTC Commissioner Rohit Chopra, however, complained that the penalty provided “blanket immunity” for Facebook executives “and no real restraints on Facebook’s business model” and does “not fix the core problems that led to these violations” or limit Facebook’s ability to collect data.
Facebook’s Mark Zuckerberg confirmed the $5 billion agreement with the FTC, explaining it would provide “a comprehensive new framework for protecting people’s privacy and the information they give” to Facebook.
“The agreement will require a fundamental shift in the way we approach our work and it will place additional responsibility on people building our products at every level of the company. It will mark a sharper turn toward privacy, on a different scale than anything we’ve done in the past,” Zuckerberg said.
Based on the deal, Facebook’s board should create an independent privacy committee that removes “unfettered control by Facebook CEO Mark Zuckerberg over decisions affecting user privacy.”
Under the agreement, Zuckerberg and other Facebook executives have to sign quarterly certifications attesting to privacy practices and a false certification, according to the FTC, could result in civil and criminal penalties.