US FTC fines Facebook a record-breaking $5 billion



Facebook Inc has agreed to pay a record-breaking $5 billion penalty issued today by the Federal Trade Commission (FTC), and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy.

This fine is the largest imposed on any company for violating consumers’ privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide, the FTC says. It is also one of the largest penalties ever assessed by the US government for any violation.

In addition to paying the fine, Facebook must “conduct a privacy review of every new or modified product, service, or practice before it is implemented, and document its decisions about user privacy. The designated compliance officers must generate a quarterly privacy review report, which they must share with the CEO and the independent assessor, as well as with the FTC upon request by the agency.” The settlement order also requires Facebook to exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data. The 20-year settlement order includes also many other details.

Mark Zukerberg said on Facebook:

“As part of this settlement, we're bringing our privacy controls more in line with our financial controls under the Sarbanes-Oxley legislation. Our executives, including me, will have to certify that all of the work we oversee meets our privacy commitments. Just as we have an audit committee of our board to oversee our financial controls, we’ll set up a new privacy committee of our board that will oversee our privacy program. We've also asked one of our most experienced product leaders to take on the role of Chief Privacy Officer for Products.”

“To implement this, we’ll have to review our technical systems to document any privacy risks and how we're handling them. Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we’ll have to document any risks and the steps we're taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward.”

See: