Facebook’s Getting Slapped With a $5 Billion FTC Privacy Settlement
The U.S. Federal Trade Commission approved a record privacy settlement against Facebook requiring the social media company to pay about $5 billion to resolve an investigation stemming from the Cambridge Analytica data scandal.
The FTC’s settlement was approved by a vote of 3-2, according to two people familiar with the matter. It caps a probe that opened in March 2018 after news that Cambridge Analytica, a consulting firm hired by President Donald Trump’s campaign, obtained user data from a researcher who created a personality quiz app on the social network.
The FTC’s settlement, the largest privacy fine in the agency’s history, marks the most significant action yet against Facebook over a series of mishaps that have compromised users’ data and sent the company reeling from one crisis to another. The mishandling of data has spurred efforts in Washington to pass legislation to better protect the personal information collected by the nation’s technology firms before a window closes ahead of the 2020 presidential campaign.
As the probe dragged on, FTC Chairman Joe Simons came under increasing pressure from lawmakers and privacy advocates to craft a tough settlement that would protect users’ privacy. The deal is likely to leave many critics of the company unsatisfied given the agency’s two Democratic commissioners, Rebecca Kelly Slaughter and Rohit Chopra, voted against it.
Facebook declined to comment.
While the FTC settlement removes a major burden weighing on the company, Facebook is still grappling with regulatory scrutiny on a host of other fronts. European Union officials are pursuing multiple data-protection investigations, while U.K. antitrust authorities are examining the company’s dominance in digital advertising.
In the U.S., the Justice Department and the Securities and Exchange Commission opened investigations related to the Cambridge Analytica scandal. Facebook declined to comment on the status of those probes. Separately, the attorney general for Washington, D.C., has sued the company, claiming it failed to safeguard users’ data. Other state attorneys general are also investigating.
The FTC is poised to continue scrutiny of Facebook. As part of a broad agreement with the Justice Department dividing oversight of four of the biggest tech companies, the agency will take responsibility for a potential antitrust investigation into Facebook. One area of focus is likely to be the company’s acquisitions of Instagram and Whatsapp.
The settlement ranks among the highest at the FTC, which reached a $10 billion settlement with Volkswagen AG in 2016 for deceptive advertising in the emission-cheating scandal involving diesel models. The agency’s previous record fine in a privacy action came in 2012, when Alphabet Inc.’s Google paid $22.5 million to settle claims it misrepresented its privacy assurances to Apple Inc.’s Safari users.
The FTC can only impose fines on companies that have previously agreed to settle claims with the agency under consent decrees, but not on first-time offenders. The agency has lobbied for greater authority to penalize wrongdoers in privacy cases, though some have questioned whether it was up to the job of taking advantage of the limited power it has now.
The commission’s 2011 consent decree with Facebook addressed a litany of deceptive practices by the social-media company. Facebook, for example, allowed profile information — photos, education, place of employment — that a user chose to restrict to “Only Friends” or “Friends of Friends” to be accessible to apps that the person’s friends used. Facebook also promised users that it wouldn’t share personal information about them with advertisers when in fact the company identified to advertisers the users who clicked on their ads or to whom ads were targeted.
Under the 2011 settlement, Facebook was required to implement a privacy program, obtain express consent from users before making changes that override privacy preferences, and undergo regular privacy audits.
The Cambridge Analytica incident stems from a personality-quiz app offered to Facebook users by a Cambridge University researcher. About 270,000 people downloaded the app, allowing the researcher to access data about both those individuals and their friends. The information was subsequently sold to Cambridge Analytica.
Facebook has said the researchers obtained users’ data with their consent and sold the information to Cambridge Analytica in violation of Facebook’s policies.