Facebook said in the spring it expected to pay a $5 billion fine to the Federal Trade Commission (FTC) in the wake of the Cambridge Analytica scandal and it now looks like the company will do just that in after the commission approved settlement with the social media giant for violating a 2011 consent decree.
The FTC voted 3-2 along party lines to okay the settlement, which now has been sent to the Justice Department for finalization, according to a report by the Wall Street Journal.
“This record-breaking fine highlights the importance of data stewardship in the digital age. The FTC has put all companies on notice that they must safeguard personal information,” said Center for Democracy & Technology (CDT) President and CEO Nuala O’Connor.
The International Association of Information Technology Asset Managers (IAITAM) warned its members that the Facebook settlement along with other large fines recently levied against British Airways and Marriott confirm that privacy regulators have upped their game. “We’ve been advising organizations for more than a year that privacy laws are changing, and due diligence is going to be imperative,” IAITAM President and CEO Barbara Rembiesa said in a statement. “Organizations with mature IT Asset Management (ITAM) programs already have a program in place that can help address vulnerabilities in due diligence, even when it comes to personal privacy.”
Facebook's privacy and data protection policies have faced intense scrutiny after an app developed by Cambridge University professor Aleksandr Kogan called thisisyourdigitallife harvested data for Cambridge Analytica, at that time a company owned in part by hedge fund operator Robert Mercer and once led by former White House adviser Steve Bannon. About 270,000 Facebook users signed up to take a paid personality test through the app. Their data and that of their friends, counting in the millions, was passed along to Cambridge Analytica.
While the reported FTC deal, in a 3-2 vote this week, is a victory for privacy advocates, “privacy regulation in the U.S. is broken. While large after-the-fact fines matter, what is much more important is strong, clear rules to protect consumers,” said O’Connor. “Congress must pass a comprehensive federal privacy law this year.”
Sen. Mark Warner, D-Va., has pressed social media companies to work with Congress and offer feedback on a white paper that offered up policy solutions and has introduced bipartisan bills – the Honest Ads Act, the DETOUR Act and the DASHBOARD Act – to address data protection and privacy issues on social media. “Given Facebook’s repeated privacy violations, it is clear that fundamental structural reforms are required,” Warner said in a statement. “With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it’s time for Congress to act.”
But Information Technology and Innovation Foundation (ITIF) Vice President Daniel Castro said the settlement is a sign the U.S.’s current system works. “U.S. privacy regulations have teeth, and they can be used aggressively when needed,” he said, praising the U.S. for “rightly” avoiding “the heavy-handed regulations that stifle innovation” in other countries.
“Rather than take a wrecking ball to the existing data privacy laws or allow states to enact a patchwork of conflicting rules, Congress should build on the solid foundation that exists today by passing federal privacy legislation that strengthens the FTC’s enforcement capabilities, preempts states, and streamlines regulations,” Castro said.