The next time users visit Facebook, things might not look different, but big changes are brewing behind the scenes. The FTC’s record-breaking $5 billion settlement requires Facebook to conduct a massive overhaul of its consumer privacy practices. The settlement also makes major changes to Facebook’s operations and CEO Mark Zuckerberg no longer has sole control over privacy.
First, some background. Facebook is a social networking site, but it makes money by serving up targeted ads based on users’ personal information. Many consumers are hesitant about sharing certain data, so Facebook calms that concern by promising that people can control the privacy of their information through the platform’s privacy settings.
The FTC sued Facebook in 2012 for making misleading promises about the extent to which consumers could keep their personal information private. For example, Facebook told users they could select settings to make information available just to “friends.” But despite that promise, Facebook allowed apps used by those friends to access consumers’ information, a decision that put money in Facebook’s pocket. The 2012 FTC order put penalties in place if Facebook made misleading statements in the future about consumers’ control over the privacy of their personal information.
According to the FTC, that’s just what happened. Facebook violated the order by again giving companies access to information that consumers said they didn’t want to share. The FTC also alleges Facebook made other misleading statements about how it used facial recognition, consumers’ cell phone numbers and other personal data.
Here are three things to know about the FTC’s history-making settlement with Facebook.
Facebook will pay the largest civil penalty by anyone anywhere ever in a privacy case.
The $5 billion settlement is one for the record books. It’s the largest civil penalty ever imposed on a company for violating consumers’ privacy and it’s one of the largest penalties assessed by the U.S. government for a violation of any kind. That tells you just how seriously the FTC takes it when companies break their privacy promises. The settlement also sets a new benchmark if companies fail to honor their promises in the future. (In case you’re wondering about the $5 billion, by law, it goes to the general fund of the U.S. Treasury. It does not go to the FTC.)
The settlement requires fundamental changes at Facebook and removes CEO Mark Zuckerberg as the company’s consumer privacy decision maker.
The order establishes a new era of privacy transparency at Facebook and at WhatsApp and Instagram, which Facebook owns. It creates an independent committee of Facebook’s board of directors to oversee privacy decisions and requires an independent third-party assessor to evaluate the effectiveness of Facebook’s privacy program. Mark Zuckerberg also must certify every quarter that Facebook is in compliance with the new privacy program. Any false certification will be subject to civil – and criminal – penalties.
As Facebook puts its new privacy program in place, consumers should take a fresh look at their settings.
How much personal information do you really want to share? A platform’s default settings may not be your most privacy-protective option. Whether it’s Facebook or any other platform, revisit your toolbars, privacy settings, etc., to make sure the system is set up to honor your choices and preferences.
- Lesley Fair is an attorney with the Division of Consumer & Business Education at the Federal Trade Commission.