Federal regulators fined Facebook $5 billion for privacy violations and are holding CEO Mark Zuckerberg personally responsible– in a 20-year settlement with the company.
It’s the largest fine the Federal Trade Commission has ever placed on a tech company– but is a drop in the bucket compared to its revenue of $56 billion last year.
As part of the settlement Zuckerberg has to personally certify the company’s privacy program compliance. If not, the FTC said false certifications could expose him personally to civil or criminal penalties.
“The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC,” Joe Simons, the chairman of the FTC, said in a statement. He added that the new restrictions are designed “to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
Facebook did not admit any wrongdoing as part of the settlement.
Last year the FTC began investigating Facebook after it was revealed that the data mining firm Cambridge Analytica had illegally gathered information on as many as 87 million Facebook users without their permission. After the yearlong investigation, the Department of Justice filed a complaint alleging that Facebook “repeatedly used deceptive disclosures and settings to undermine users’ privacy preferences.”
The FTC examined whether or not the privacy issue violated a previous settlement agreement Facebook reached in 2012 when regulators found that Facebook repeatedly broke its privacy promises to users. That settlement required Facebook to get user consent to share personal data in ways that override their privacy settings.
Deceptive disclosures about privacy settings allowed Facebook to share users’ personal information with third-party apps that their friends downloaded but the users didn’t give permission to use, the FTC found.
The next highest fine the FTC has levied on a tech company was $22.5 million on Google in 2012 for the company bypassing Apple’s Safari browser’s privacy controls.
A larger fine than Facebook’s was a $14.7 billion penalty levied against Volkswagen– to settle allegations of cheating on emissions tests and deceiving customers.
Equifax will also pay at least $700 million to settle lawsuits and investigations over a 2017 data breach.
The FTC’s 20-year settlement with Facebook establishes an “independent privacy committee” of Facebook directors who must be appointed by an independent nominating committee and can only be fired by a “supermajority” of Facebook’s board of directors. The idea is to remove “unfettered control” by Zuckerberg, the FTC said.
Despite the data breach, Facebook acknowledged that it gave big tech companies Amazon and Yahoo extensive access to users’ personal data– and it collected call and text logs from phones running Google’s Android system in 2015.