Facebook expects a $5 Billion fine by the US Federal Trade Commission

Facebook’s quarterly financial results reveal that the tech giant expects to be fined between $3-5 billion for its privacy violations. However, any fine to be imposed has to be seen in the context of Facebook’s $56 billion annual revenue. The Federal Trade Commission (FTC) has not publicly commented whether it will impose a fine or not. There are currently more than 26,000 complaints against Facebook pending before the FTC.

Facebook faces many other legal challenges with privacy regulators in the EU. Just yesterday, Ireland’s Data Protection Commission opened a statutory investigation into Facebook following the company’s admission that it had discovered hundreds of millions of user passwords stored in plain text format on its internal servers. The passwords relate to users of Facebook, Facebook Lite and Instagram.

Also yesterday, the Privacy Commissioner of Canada, Daniel Therrien, and the Information and Privacy Commissioner for British Columbia, Michael McEvoy, issued a statement saying that Facebook has committed serious contraventions of Canadian privacy laws, for example third-party app’s unauthorised access to the information of millions of Facebook users. Some of that information was subsequently used for political purposes. The Commissioners call for stronger sanctioning powers, including the ability to issue meaningful fines.

In Germany, the Data Protection Authority of Bavaria has recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.

“We are certain that Facebook obtains additional information about users from matching email addresses, regardless of whether a person is already registered with Facebook. At the very least, custom audience data shows Facebook that a user is also a customer of a particular company or online store.
This may seem harmless in many cases, but we have observed insurance companies that have uploaded email addresses, also online shops for very specific products. When an online pharmacy or an online sex shop shares their customer list with Facebook, we cannot rule out that this reveals sensitive data. The same applies when someone visits the online shop of a political party or subscribes to one of their newsletters. In all of these instances, custom audiences reveal granular insights. Facebook adds this information to existing profiles and continues to use it, without notifying users or giving them a chance to object,” Kristin Benedikt, head of the Internet division at the Bavarian Data Protection Authority said in an interview with netzpolitik.org.

In the UK, the investigation into Facebook, Cambridge Analytica and political influencing continues. The ICO has said that it takes a long time to collect all necessary forensic evidence needed for the Tribunal or the Courts. Another report is expected in the autumn. Elizabeth Denham, Information Commissioner, recently said that she expects Facebook to appeal against their current appeal against the ICO’s £500,000 fine - the maximum available under the old rules - for contravening UK privacy laws.


Elizabeth Denham, CBE, Information Commissioner UK, James Dipple-Johnstone, Deputy Information Commissioner UK and Daniel Therrien, Privacy Commissioner of Canada will speak at Privacy Laws & Business 32nd Annual International Conference 1-3 July in Cambridge, UK.