Thursday, July 25, 2019

Facebook settlement with FTC fines: $5 billion and new privacy guarantees

https://www.technologymagan.com/2019/07/facebook-settlement-with-ftc-fines-5-billion-and-new-privacy-guarantees.html

After more than a year of speculation since the Federal Trade Commission began investigating Facebook over privacy lapses, the regulator has officially announced the terms of its settlement with the distracted social network: $5 billion (as first rumored) and better inspection within the company.

The order-mandated privacy program covers Facebook-owned WhatsApp and Instagram, along with Facebook's eponymous social platform.

The order was approved in a 3-2 vote by the agency's commissioners. The FTC notes that the penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy, and that it is "almost 20 times more than the largest privacy or data security penalty imposed worldwide".

In addition to the money, Facebook will have to create a board committee on privacy and provide executive assurances that user data is being respected.

Meaningful inspection?
"The settlement order declared today also creates unprecedented new restrictions on Facebook's business operations and creates several channels of compliance. The order requires Facebook to reorganize its approach to privacy from the corporate board level down, and establishes strong new mechanisms to ensure that Facebook's officials are accountable for the decisions they make about privacy, and that those decisions are subject to meaningful inspection," the FTC wrote in a press release announcing the decision.

"Despite repeated promises to its users around the world that they can control how their personal information is shared, Facebook has reduced the choice of consumers," FTC Chairman Joe Simons said in a statement. "The penalty of $5 billion and the comprehensive conduct relief are unprecedented in FTC history. The relief is designed not only to punish future violations but, more importantly, to change Facebook's entire privacy culture to reduce the chances of continued violations. The Commission takes consumer privacy seriously, and will implement FTC orders to the full extent of the law."

The FTC says the structure of its 20-year order against Facebook removes "unaffected control" over privacy decisions by CEO Mark Zuckerberg, by creating greater accountability at the board level through what it calls an "independent privacy committee".

"The privacy committee members should be independent and appointed by an independent nomination committee," it writes. "Members can be fired only by a supermajority of the Facebook Board of Directors."

Facebook will also need to nominate compliance officers who will be responsible for Facebook's privacy program.

"These compliance officers will be subject to the approval of the new Board Privacy Committee and can be removed only by that committee - not by Facebook's CEO or Facebook employees," it adds. "Facebook CEO Mark Zuckerberg and designated compliance officials will have to freely submit to the FTC quarterly certifications that the company is in compliance with the privacy program given by the order, as well as an annual certification that the company is in full compliance with the order. Any wrong certification will subject them to individual civil and criminal penalties."

In another strand aimed at strengthening external inspection of Facebook, the FTC says audit procedures are being strengthened; the audits must be carried out every two years to evaluate the effectiveness of Facebook's privacy program and identify any gaps.

"The evaluator's biennial assessment of Facebook's privacy program should be based on the evaluator's independent fact-gathering, sampling and testing, and should not be based primarily on claims or verification by Facebook management," it writes, in what looks like the end of Facebook being able to mark its own regulatory homework on its home ground.

It goes on: "This order prevents the evaluator from making a false statement to the assessee, which can be approved or removed by the FTC. Importantly, the independent evaluator must report directly to the new privacy board committee on a quarterly basis. The order also authorizes the FTC to use search tools provided by the Federal Rules of Civil Procedure to monitor Facebook's compliance with the order."

According to the order, Facebook must also review the privacy of each new or revised product, service, or practice before it is implemented, and document its decisions regarding user privacy.

Designated compliance officers will also have to produce a quarterly privacy review report, sharing it with Facebook's CEO and the independent evaluator as well as the FTC.

The order also places security breach disclosure requirements on Facebook: it must document incidents in which the data of 500 or more users has been compromised, along with how it is fixing the problem, and provide those details to the FTC and the evaluator within 30 days of discovering the breach.

The FTC first confirmed that it was investigating Facebook in March of last year, amid the then-new hubbub over the misuse of the network's data involving Cambridge Analytica. The regulator was particularly worried that Facebook had been systematically violating the terms of its 2012 agreement, which barred it from a number of data practices.

A little less than a year later, rumors began that the FTC was considering a "record-setting" fine, although, as many said at the time, almost any conceivable amount would be easily (if not happily) written off by the company, which brings in revenues of up to $50 billion per year.

In April, seeing the writing on the wall and perhaps having had some private conversations, Facebook set aside $3 billion to cover the settlement costs (noting that it was still earning $2.4 billion), but said it expected the number could actually be $5 billion. And indeed that is the number that appeared in the initial reports of the FTC vote two weeks ago. (Some people suggested that higher behaviors might be less than good behavior, but the FTC has not taken them to this idea.)

Although the multibillion-dollar fine has made headlines, there may be more business cost (and product friction) for Facebook locked in the order's administrative and bureaucratic requirements.


The FTC has set out a laundry list of what it describes as "important new privacy requirements" that it is also imposing on the company, writing:


  • Facebook should exercise greater oversight over third-party apps, including by ending app developers who fail to certify that they are in compliance with Facebook's Platform Policies or fail to justify their need for specific user data;
  • Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
  • Facebook should provide clear information about its use of facial recognition technology, and should obtain affirmative express user consent before any use that exceeds its prior disclosures to users;
  • Facebook should establish, implement, and maintain a comprehensive data security program;
  • Facebook should encrypt user passwords and scan regularly to find out whether any passwords are stored in plaintext; and
  • Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.


There are already criticisms that the order is not strong enough, including from within the FTC itself.

Blanket defense and no deterrent
Rohit Chopra, one of the commissioners who voted against the settlement, has published a statement setting out why he did not back it, in which he warns that it "does not cure the incentives that cause repeated privacy abuses" because it fails to stop Facebook from "engaging in monitoring or unifying platforms".

"There is no restriction on data harvesting strategies - just paperwork. What is acceptable to the $FB is available for signing," he wrote in a set of tweets that briefly summarize his views after the settlement announcement.

Chopra also points to the lack of penalties for Zuckerberg, Sheryl Sandberg and other Facebook officials, noting that while the FTC is going after individuals associated with Cambridge Analytica over the misuse of Facebook data, Facebook's officials are still getting "blanket immunity" for their role in the violations.

He also says that "the fine print in the agreement provides a comprehensive defense for Facebook's 'known' and 'unknown' violations," wondering: "What is covered by these immunity deals? Facebook knows, but the public has been kept in the dark."

"Facebook's major violations were a direct result of its large-scale monitoring and manipulation business model, and this action blesses this model. The settlement does not fix this problem. It now goes to court for approval," he says. "We should all be concerned about the business promotion of big technology platforms' behavioral advertising practices, which are dividing our society. When companies break laws and cause massive damage, they should be held accountable."

FTC Commissioner Rebecca Kelly Slaughter also disagrees with the settlement, likewise taking the view that the order will not be sufficient for "effectively preventing Facebook from engaging in future law violations". In her own dissenting statement, she says she would have liked the agency to pursue litigation against Facebook and Zuckerberg, and "the right result in a public court of law".

"Without meaningful limitations on how to use and share data, and public transparency in relation to Facebook's data usage and order compliance, the order cannot be seen as an adequate preventive," she says. She also expresses "deep concern" that the release of Facebook and its officials from legal liability is very broad.

FTC limit
Discussing the agreement with TechCrunch in a phone call, the FTC's former CTO, Ashkan Soltani, termed it "a terrible result" for his former employer. "Facebook has dominated the press all the time," he told us. "This release was controlled: the same day as Mueller [testimony], the same day as its earnings call. $5BN, while important for the agency, is essentially an 'out of jail' card for Facebook." He said that this order covers any behavior before June 12, "which I feel is unheard of".

"It's crazy about how good it was for the company."

That such a favorable result could be signed off by three of the five commissioners is a sign of "where the FTC is", he added.

"The importance of this matter shows how limited the agency's capacity is," he suggested. "They have limited rights, but disposal - this is unheard of. I have never seen such a provision in another FTC order."

"I think it is understood that they were between a rock and a hard place in what they could do," he said. "With an endless budget, there will be an option to go to court against one of the largest companies in the world, and [enforcement] is as thin as the authority."

As to whether anything in the order can make a substantive difference to Facebook's future behavior, Soltani suggested that there are some "useful" prohibitions which show the agency looking at behavior beyond the Cambridge Analytica scandal.

But at the same time there is not enough to address "where the company is going".

"I do not think that it actually addresses the direction that Facebook is moving in, and it actually exposes the lack of authority which the agency has," he told us, discussing the limitations of US protections for privacy in the age of data-mining tech giants.

"FTC trade commission is fine," he said. "It is designed to protect against inappropriate and deceptive practices, and it is indeed designed to protect the industry from each other ... and has somehow developed into our leading consumer protection agency. But this right is quite limited, especially in the area of privacy."

David Carroll, the academic whose complaint against Cambridge Analytica's use of his data features as the centerpoint of The Great Hack, a recently released Netflix documentary which digs into the Facebook data abuse scandal, also weighed in with his evaluation of the FTC order.

"Maybe a Netflix doc can be more punishing for Facebook than this agreement," he told us.

Facebook response

Facebook has responded to the penalty announcement in a long blog post written by general counsel Colin Stretch.

"The agreement will require a radical change in our way of working and it will place additional responsibility on those creating our products at every level of the company," he wrote. "This will mark an acute turn on privacy, on a different scale than anything we have done in the past.

"The accountability required by this agreement surpasses current US law and we hope it will be a model for the industry. It introduces more rigorous procedures to identify privacy risks, more documentation of those risks and more comprehensive measures so that we can meet these new requirements. Going forward, our approach to privacy controls will parallel our approach to financial controls, with a rigorous design process and personal certifications, to ensure that our controls are working - and that we find and fix them when they are not."

Stretch goes on to describe the Cambridge Analytica data misuse scandal as "a violation of the trust between Facebook and those who depend on us for the protection of their data", before claiming the company will adopt a new "strong" approach to privacy risk.

"We will be stronger in ensuring that we recognize, evaluate, and mitigate privacy risks," he writes. "We will adopt new approaches to document those decisions more effectively and monitor their impact. And we will offer more technical control to improve privacy protection measures."

He also said that Facebook will review its "system", saying the company expects "issues" and adding: "when it will happen, we will work fast to address them".

Buried further down the blog post, Stretch also confirmed that Facebook has settled a separate investigation by the Securities and Exchange Commission into its processes for disclosing the misuse of data to investors, agreeing to pay $100M.

"We share the interest of the SEC in ensuring that we are transparent with our investors, and we have already made updates about our risks and controls in this area," he said. "We agreed to pay $100 million in fines."

In another reaction, Zuckerberg has posted a comment on his Facebook page, where he writes that "we are going to make some big structural changes to how we build products and how we run this company".

He also said the company expects that it will take hundreds of engineers and more than one thousand people across the company to comply with the changes required by the FTC order.

It is not clear, though, whether this means Facebook will raise its headcount with 1,000 extra hires or change the priorities of some of its existing employees.