How would you describe the organizational culture at Facebook, AND what organizational challenges do they face?
Facebook Penalty Sends Message
to Big Tech
$5 billion fine alerts industry to greater liabilities for privacy
missteps as some policy makers call for tougher oversight
WASHINGTON—The record $5 billion fine and oversight conditions federal
regulators imposed on Facebook Inc. for privacy violations put Big Tech on
notice that any company failing to protect consumer information may now face
greater legal risks than previously.
The penalty against Facebook, approved on a 3-2 vote by the Federal Trade
Commission, expands potential liability for the social-media giant’s chief
executive, Mark Zuckerberg, and restructures the company’s board of directors
to boost its oversight of privacy practices.
While critics dismissed the financial penalty as a wrist-slap for Facebook—which
reported second-quarter revenue of $16.9 billion Wednesday—the structural
changes imposed by the commission are now likely to be seen as a measuring
stick for other companies.
“I expect a lot of board members and CEOs are chatting and texting today about
what exactly they need to do to ensure they are within spitting distance of these
new best practices,” said Trevor Hughes, president of the International
Association of Privacy Professionals.
Mr. Zuckerberg said he hopes the FTC-imposed mandates on Facebook would
“set a completely new standard for our industry.”
Facebook agreed to the settlement after a year-long FTC investigation found the
company had repeatedly used deceptive disclosures and account settings to lure
users into sharing personal information, undermining their actual privacy
preferences.
The company’s actions misled tens of millions of people about the use of their
phone numbers, photos of their faces and more—while allowing app developers
that were paying Facebook for ads to gain special access to user information, the
FTC said.
The Facebook penalties are “a message to [other companies] that if you get
yourself in Facebook’s position, this is what you’ll get,” FTC Chairman Joe
Simons told reporters following the
announcement.
“The price of privacy violations just
went up,” said Commissioner Noah
Phillips.
Yet the FTC panel split along party
lines, with Democrats Rebecca
Kelly Slaughter and Rohit Chopra
contending that the settlement isn’t
tough enough to prevent future
violations by Facebook. The
company’s business model relies on
tracking online user behavior to sell
targeted advertising.
“If the market gets the message that
it’s profitable to violate a law or
order, it’s very difficult for a deterrence message to be effective,” Ms. Slaughter
said.
Congressional Democrats were generally critical. “This fig-leaf deal releases
Facebook without requiring any real privacy protections—no restraints on future
data use, no accountability for top executives, nothing more than chump change
financial fines,” said Sen. Richard Blumenthal (D., Conn.).
Republicans were more supportive. Sen. Roger Wicker (R., Miss.), the
Commerce Committee chairman, praised the investigation and settlement as
exemplary work by the FTC. But he said the case underscored the need for
federal privacy legislation.
Sen. Josh Hawley (R., Mo.), a Big Tech critic, said on Twitter that the settlement
“does nothing to change Facebook’s creepy surveillance of its own users & the
misuse of user data.”
“Facebook paid the FTC $5B for a letter that says ‘You never again have to
create mechanisms that could facilitate competition,’” former Facebook security
chief Alex Stamos said on Twitter.
If anything, however, scrutiny of Big Tech is increasing in Washington.
The Justice Department—which shares antitrust enforcement authority with the
FTC—said this week it is opening a broad new review examining whether
dominant technology firms are unlawfully stifling competition. That is adding to
risks for Facebook as well as Google parent Alphabet
Inc., Amazon.com Inc. and Apple Inc.
In its second-quarter earnings report later Wednesday, Facebook warned that
the FTC had launched an antitrust investigation into the company in June.
Facebook is also facing privacy probes in other countries, and confirmed another
mistake this week that allowed children to interact with unapproved users on its
Messenger Kids app.
Under the settlement, Mr. Zuckerberg will be required to certify that the company
is complying with new privacy strictures, and face civil and criminal penalties for
false statements. An independent privacy auditor will be granted access inside
Facebook, and the company said it would assign more than 1,000 people to work
on the matter.
Facebook’s board will create a new committee to more closely monitor the
company’s privacy practices, and independent directors will have more say over
new members. At the same time, Mr. Zuckerberg controls most of the company’s
voting shares.
Marc Rotenberg, president of the Electronic Privacy Information Center advocacy
group, said the internal changes at Facebook won’t give the public a way to
check their effectiveness. “This is internal reporting, not subject to public review,”
he said.
Users’ experience on Facebook may not change much, but the settlement should
boost consumers’ confidence that the company is keeping its privacy promises,
the FTC and Facebook said.
It will be up to other companies whether to follow Facebook’s lead. While FTC
officials wanted to use the case to set an example, they also made clear they
saw Facebook’s actions as distinctly unacceptable.
The Securities and Exchange Commission announced separately on Wednesday
a settlement with Facebook—including a $100 million fine—over claims it misled
investors about the misuse of customer data.
The federal probes began more than a year ago after disclosures that data on
tens of millions of Facebook users had been improperly transferred to a political
data-analytics firm, Cambridge Analytica, that did work for Donald Trump’s 2016
presidential campaign. The FTC and SEC both filed complaints in federal court
detailing the results of their investigations, which Facebook agreed to settle
without admitting or denying.
Cambridge Analytica’s data on Facebook users originated with a University of
Cambridge professor’s app, “thisisyourdigitiallife,” that quizzed users on their
personalities and harvested other information from them and their friends. The
firm and professor used the information to target U.S. voters, the FTC said in a
separate action announcing orders restricting future business activities by the
professor and Cambridge Analytica’s former CEO.
The FTC said that incident was part of a pattern: Facebook let users think they
had turned off certain types of data sharing, when in fact the data was shared
anyway—in many cases because their friends had allowed it. Even after
Facebook said in 2015 it had closed that loophole, it only did so partially, still
granting access to “whitelisted” developers, the FTC said.
Facebook separately told users it wanted their phone numbers for security
purposes, without making it clear that information would be used for advertising.
It also told users they would have to opt into the use of facial-recognition
technology on their photos, when in fact approximately 60 million users were
subjected to it by default, the FTC said.
The problems weren’t a secret inside Facebook, regulators said. As early as
September 2015, some employees raised alarms about Cambridge Analytica’s
practices and asked for an internal investigation into whether it was “scraping”
user data, the SEC said.
Over time, more than 30 employees became aware of the data firm’s actions, yet
Facebook made only generic disclosures to investors in 2016 and 2017 about
theoretical data-privacy risks, and told journalists it hadn’t uncovered any
indications of wrongdoing, the SEC said.
—Dave Michaels contributed to this article.