Social media conglomerate Facebook will have to pay a $5 billion settlement, according to the Federal Trade Commission (FTC), for “deceptive disclosures and settings” that eroded user privacy and violated a prior agreement signed with the commission in 2012.
Facebook agreed to the settlement, putting to rest several years of damaging admissions about the company’s privacy practices. The inadvertent exposure of 87 million users’ information to the political analysis firm, Cambridge Analytica, was one of the worst data breaches in the U.S.
The $5 billion fine is the largest in FTC history, yet it’s still only almost a month’s worth of revenue for Facebook. According to CNN, the $5 billion fine is nearly 30 times the FTC’s largest civil penalty to date — $168 million, which was set upon Dish Network in 2017.
In a Facebook post published after the FTC’s announcement, CEO Mark Zuckerberg said, “We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company. We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”
FTC Chairman Joseph Simons said in a statement, “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
In addition to the civil penalty, Facebook also made a deal with the FTC that a privacy oversight committee will be formed, made up of independent members who cannot be fired by Zuckerberg alone. The committee will appoint other officials who must truthfully certify that Facebook is complying with the FTC agreement, or risk being held personally liable.
“False certifications would subject Mr. Zuckerberg and the [designated compliance officers] to personal liability, including civil and criminal penalties,” Simons said in a joint statement with two of the Commission’s other Republican members, Christine Wilson and Noah Phillips.
The FTC also required that regular third-party assessments of Facebook’s privacy practices not rely on company materials but instead on the auditor’s own fact-finding.
In a separate settlement, the Securities and Exchange Commission announced that Facebook agreed to pay $100 million to resolve “charges… for making misleading disclosures regarding the risk of misuse of Facebook user data.”