Facebook to settle privacy claims with $5 billion payment
The settlement removes Facebook CEO Mark Zuckerberg’s final authority over privacy decisions.
After years of accusations over privacy violations on its platform, Facebook has agreed to pay a $5 billion fine.
Facebook ended 2018 with a total revenue of over nearly $56 billion.
As part of the agreement, Facebook CEO Mark Zuckerberg will no longer have final authority over privacy decisions.
The settlement also imposes new restrictions on Facebook’s business operations and creates multiple channels of compliance. This includes a restructure of Facebook’s approach to privacy from the corporate board-level down, and the establishment of strong new mechanisms to ensure that Facebook executives are held accountable for the privacy decisions they make.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” FTC Chairman Joe Simons said in a press release.
“The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations,” he later added.
The question still remains, however, as to how much the results of the settlement will actually impact the more than 185 million Facebook users in the United States and Canada.
Oregon Democratic Senator Ron Wyden said the settlement wouldn’t stop Facebook from continuing to violate users’ privacy.
“The F.T.C. is sending the message that wealthy executives and massive corporations can rampantly violate Americans’ privacy and lie about how our personal information is used and abused and get off with no meaningful consequences,” Sen. Wyden told the NY Times.
The order is intended to improve accountability at the board of directors level, as well as on an individual level. As part of this, Facebook must conduct a privacy review of every new or modified product, service, or practice before it is implemented, and document its decisions about user privacy.
Other new privacy requirements include:
- Exercising greater oversight over third-party apps, including terminating app developers who fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
- Prohibiting from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
- Providing clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
- Establishing, implementing, and maintaining a comprehensive data security program;
- Encrypting user passwords and regularly scan to detect whether any passwords are stored in plain text;
- Prohibiting from asking for email passwords to other services when consumers sign up for its services.