The Federal Trade Commission is playing hardball with Facebook, as the two organizations negotiate a multibillion dollar fine for Facebook’s privacy lapses, reports The Washington Post. The FTC alleges that Facebook misused user data, and the social media platform did not properly safeguard that data. Facebook has been linked to the spread of “fake news,” Russia’s role in the 2016 presidential election and an increase in hate speech.
The FTC and Facebook are negotiating the exact amount, but it could be the largest fine in FTC history. In 2012, the Google paid a record $22.5 million civil penalty to settle charges by the FTC that Google had misled privacy practices to users of Apple’s Safari browser. It was not Google’s first settlement with the FTC over violations of privacy matters.
The Washington Post quotes Sen. Richard Blumenthal (D) of Connecticut: “Facebook faces a moment of reckoning and the only way it will come is through an FTC order with severe penalties and other sanctions that stop this kind of privacy misconduct going forward.”
The FTC began its investigation into Facebook’s privacy practices last March. Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection, issued the following statement about the probe on March 26, 2018:
“The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices,” Pahl said.
Though the investigation started last year, it includes a wide breadth, including a 2011 agreement Facebook made with the FTC to change its ways. Among the requirements of that order were (1) Facebook’s commitment to implement procedures to ensure user data could not be accessed by third parties after a user had deleted that information or terminated their account, (2) a promise to establish, implement and maintain a comprehensive privacy program to address privacy risks and protect the privacy and confidentiality of covered information, and (3) obtain regular assessments and reports that Facebook had done its due diligence in protecting privacy.
Facebook said it did not violate that 2011 agreement. However, last spring Cambridge Analytica inappropriately accessed the personal data of 87 million Facebook users, and last fall, 29 million Facebook users had their personal data stolen including names, contact information, birthdates, education, search history and more.
According to The Washington Post, there are a few options here. Facebook could negotiate a settlement and fine with the FTC while agreeing to refine its privacy protection procedures, or Facebook could fight the allegations and take their chances that they might win such a suit. Given Facebook’s history of data breaches and privacy violations, it seems the latter option is not in their best interests.
The bottom line here is that tech giants like Facebook and Google act as if they are immune to the rules. They ignore laws and regulations that govern data privacy and the privacy of their users. Whether that is intentional or sloppy isn’t clear, but the fact that such instances repeat themselves is an indication that protecting user privacy is not a top priority for them.
Facebook and Google can afford steep fines, and maybe to them, the reward of revenue for selling or providing access to data is worth the risk. There has to be a tipping point though. Governments, including the United States, and consumers need to step up to hold these companies accountable. These constant data breaches and privacy violations