FTC fines Facebook $5 billion over Cambridge Analytica scandal

The company must also appoint an independent privacy committee to its board of its directors.

  • The FTC said Facebook violated a 2012 agreement it made with the agency over user data.
  • Facebook must restructure its board of directors, undergo regular privacy audits and pay a $5 billion fine.
  • Still, some say the punishment doesn't go far enough.

The Federal Trade Commission (FTC) has ordered Facebook to create new layers of oversight on how it handles user data, and to pay a $5 billion fine, according to an agreement announced Wednesday between the company and the federal agency.

The punishment results from an FTC investigation into Facebook that was prompted after news broke of the 2018 Cambridge Analytica scandal. Cambridge Analytica was a British consulting firm that used a third-party app to harvest personal data from approximately 87 million Facebook users.

By letting this third-party app collect users' data without their clear knowledge and consent, the FTC said Facebook violated a 2012 settlement order it had reached with the social media company.

Under the new agreement, Facebook must add an independent privacy committee to its board of directors, which the FTC wrote will remove "unfettered control by Facebook's CEO Mark Zuckerberg over decisions affecting user privacy." This new committee will be charged with appointing "compliance officers" who can be held accountable if the company mishandles users' data. Facebook must also submit to regular privacy audits.

"The $5 billion penalty against Facebook is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide," said FTC officials in a press statement.

But some think the punishment is merely a slap on the wrist. The FTC's sole two Democratic commissioners disagreed with their three Republican colleagues over the new settlement, which stopped short of holding Zuckerberg personally accountable for mishandling user data, and also granted immunity to Facebook executives for actions taken before June 12, 2019.

"I fear it leaves the American public vulnerable," Rebecca Kelly Slaughter, a Democratic commissioner, told The New York Times.

"While it is difficult in this case to quantify the economic value of the violations to the company, there is good reason to believe $5 billion is a substantial undervaluation," Slaughter wrote in a statement to CNBC.

Facebook said the new agreement represents a "fundamental shift" in their approach to user privacy.

"It will mark a sharper turn toward privacy, on a different scale than anything we've done in the past," Facebook staff wrote in a blog post. "We will be more robust in ensuring that we identify, assess, and mitigate privacy risk. We will adopt new approaches to more thoroughly document the decisions we make and monitor their impact. And we will introduce more technical controls to better automate privacy safeguards."

The FTC also ordered Facebook to implement several other new privacy requirements:

  • Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook's platform policies or fail to justify their need for specific user data;
  • Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
  • Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
  • Facebook must establish, implement, and maintain a comprehensive data security program;
  • Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
  • Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.

Facebook was also fined $100 million on Wednesday by the Securities and Exchange Commission for misleading investors after the Cambridge Analytica story broke. Facebook also faces a separate lawsuit from the Department of Justice over claims that the company "repeatedly used deceptive disclosures and settings to undermine users' privacy."

It's unclear whether the new penalty will actually force Facebook to "fundamentally shift" how it handles user privacy. But, at least according to the FTC's three Republican commissioners, it didn't seem reasonable, legally speaking, to push for harsher punishments at this time.

"Is the relief we would obtain through this settlement equal to or better than what we could reasonably obtain through litigation?" they told The New York Times. "If the answer had been 'no,' it would have made sense to aggressively move forward in court. The answer, however, was 'yes.'"

Befriend your ideological opposite. It’s fun.

Step inside the unlikely friendship of a former ACLU president and an ultra-conservative Supreme Court Justice.

Sponsored by Charles Koch Foundation
  • Former president of the ACLU Nadine Strossen and Supreme Court Justice Antonin Scalia were unlikely friends. They debated each other at events all over the world, and because of that developed a deep and rewarding friendship – despite their immense differences.
  • Scalia, a famous conservative, was invited to circles that were not his "home territory", such as the ACLU, to debate his views. Here, Strossen expresses her gratitude and respect for his commitment to the exchange of ideas.
  • "It's really sad that people seem to think that if you disagree with somebody on some issues you can't be mutually respectful, you can't enjoy each other's company, you can't learn from each other and grow in yourself," says Strossen.
  • The opinions expressed in this video do not necessarily reflect the views of the Charles Koch Foundation, which encourages the expression of diverse viewpoints within a culture of civil discourse and mutual respect.
Keep reading Show less

Physicists find new state of matter that can supercharge technology

Scientists make an important discovery for the future of computing.

Surprising Science
  • Researchers find a new state of matter called "topological superconductivity".
  • The state can lead to important advancements in quantum computing.
  • Utilizing special particles that emerge during this state can lead to error-free data storage and blazing calculation speed.
Keep reading Show less

Physicist advances a radical theory of gravity

Erik Verlinde has been compared to Einstein for completely rethinking the nature of gravity.

Photo by Willeke Duijvekam
Surprising Science
  • The Dutch physicist Erik Verlinde's hypothesis describes gravity as an "emergent" force not fundamental.
  • The scientist thinks his ideas describe the universe better than existing models, without resorting to "dark matter".
  • While some question his previous papers, Verlinde is reworking his ideas as a full-fledged theory.
Keep reading Show less

How to heal trauma with meaning: A case study in emotional evolution

As tempting as it may be to run away from emotionally-difficult situations, it's important we confront them head-on.

  • Impossible-sounding things are possible in hospitals — however, there are times when we hit dead ends. In these moments, it's important to not run away, but to confront what's happening head-on.
  • For a lot of us, one of the ways to give meaning to terrible moments is to see what you can learn from them.
  • Sometimes certain information can "flood" us in ways that aren't helpful, and it's important to figure out what types of data you are able to take in — process — at certain times.
Keep reading Show less