Facebook easily overcomes $5 billion FTC fine, but will more scrutiny hurt?

When a company like Facebook can make $6 billion in a day, being slapped with a $5 billion fine makes breaking the law worth the small trouble. Sadly, the fact that their stock jumped up upon the announcement of the penalty only shows that on Wall Street, crime and violations are a profitable enterprise.

Google had a similar type case, but the FTC settlement wound up being several times the company’s profit from the violation. What was the difference? The FTC didn’t bother looking into that part of it.

Another difference was that the investigation was rushed and incomplete. Plus, none of the executives, including Mark Zuckerberg, were kept off the hot seat. There weren’t any citations of a deposition with Zuckerberg or Sheryl Sandberg. No charges were brought against either of the two, and they suffered no consequences.

In a nutshell, the new privacy measures are purely on the honor system proving that the oversight is just going through the motions. Facebook has stated they are going through other investigations, but if the outcome is like this one, they will gladly welcome them to make it look like they are complying and doing right by their users. Facebook will continue to make money off of user mass surveillance whether you like it or not.

Surviving A Historical Fine

Facebook survived its latest brush with U.S. privacy regulators, at the cost of a record $5 billion fine and other restrictions imposed by the Federal Trade Commission. But it’s far from home free.

While the company looks set to prosper in the wake of the FTC case, it faces a series of other investigations into its privacy practices in Europe and across the U.S. Concerns over the limits of the just-settled probe could fuel efforts to craft tougher privacy laws at the state and federal level.

The social network is also gearing up to fight investigations into its allegedly anticompetitive behavior, such as Facebook’s habit of buying would-be rivals like Instagram and blatantly duplicating features introduced by competing services.

The Department of Justice opened a broad antitrust probe focused on technology companies on Tuesday. On Wednesday Facebook disclosed that it also faces a fresh FTC investigation into alleged anticompetitive behavior. It didn’t provide details of the scope or focus of the probe. Representatives of the FTC confirmed the antitrust investigation but offered no additional information.

The outcome of these investigations may well determine whether the world’s governments can actually rein in a transnational corporation that directly touches almost a third of the world’s population.

“There is a lot more to come on the regulatory front for Facebook,” said Debra Aho Williamson, analyst with the research firm eMarketer. To pre-empt this and do things on its own terms, Williamson said the company is “going to do whatever it can” to change its business model and change the way it gathers data.

The FTC penalties, viewed by some as a stunning rebuke to the social network, might well crush a smaller firm. But they seem unlikely to faze Facebook — the fine, for instance, amounts to less than 10% of Facebook’s annual revenue and not even a quarter of its annual profits. Some critics charge that that the FTC didn’t deliver much more than a slap on the wrist.

“Facebook makes that much money in a couple of weeks,” said Siva Vaidhyanathan, a University of Virginia professor and author of “Antisocial Media: How Facebook Disconnects Us and Undermines Democracy.” The company is free to “get back to business as usual,” he said.

Wall Street seems to agree. Facebook’s stock price climbed higher Wednesday after the deal was announced. The company is worth much more than it was when its Cambridge Analytica privacy scandal erupted back in March 2018. On Wednesday, Facebook’s market value hovered around $575 billion — roughly $40 billion above where it stood before the news of the Cambridge abuses broke.

Ashkan Soltani, a former FTC chief technologist, said the settlement was effectively “a get-out-of-jail free card for Facebook.” The deal absolves Facebook of any consumer-protection claims prior to June 12 of this year, a highly unusual step that effectively wipes the slate clean where known historical privacy violations are concerned.

Soltani and other critics also note that the FTC settlement barely touches Facebook’s underlying business practices, which rely on the collection and analysis of its users’ activities and personal details to fuel the company’s lucrative advertising machine. In its formal legal complaint, the FTC used the word “deceptive” 14 times to describe Facebook’s practices and policies.

“There is a lot more to come on the regulatory front for Facebook,” said Debra Aho Williamson, analyst with the research firm eMarketer. To pre-empt this and do things on its own terms, Williamson said the company is “going to do whatever it can” to change its business model and the way it gathers data.

Facebook has already signaled that this is coming. Earlier this year, CEO Mark Zuckerberg unveiled a new “privacy focused” vision for the company that centers on private messaging and encrypted communications. The details are scant. But it shows that the company is thinking years into the future even as regulators are investigating and punishing it for years-past violations.

As part of the FTC’s settlement with Facebook, Zuckerberg will have to personally certify his company’s compliance with its privacy programs. The FTC said that false certifications could expose him to civil or criminal penalties. But the settlement did not hold Zuckerberg personally liable for the past violations, as some had expected.

In a Facebook post Wednesday, Zuckerberg vowed to “make some major structural changes to how we build products and run this company” as a result of the settlement. “We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”

In a similar tone, FTC Chairman Joe Simons, speaking at a news conference, said the settlement is “unprecedented in the history of the FTC” and is designed “to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”

Simons, however, acknowledged that the FTC’s powers were limited. It could not, for instance, fine Facebook $10 billion or target Zuckerberg personally for investigation. “We cannot impose such things by our own fiat,” he said at a news conference following release of the settlement.

Three Republican commissioners voted for the fine while two Democrats opposed it. Their wish list included specific punishment for Zuckerberg, strict limits on what data Facebook can collect and possibly even breaking off subsidiaries such as WhatsApp and Instagram.

Nonetheless, the regulators touted the agreement as imposing a “sea change” on how Facebook handles the privacy of people’s data. Simons called it “a belt-and-suspenders approach to compliance” — with five overlapping “channels” both inside and outside Facebook.

For instance, a new, independent committee of Facebook’s board that focus on privacy alone. As agreed, Zuckerberg and the new designated compliance officers must each, independently, certify to the FTC that Facebook is in compliance. Falsely certifying would subject Zuckerberg and the officers to personal liability, including civil and criminal penalties.

Commissioner Noah Phillips compared that to the regime imposed on corporate CEOs following the wave of accounting scandals in 2001-2002 that began with Enron. CEOs now are required by law to personally vouch for the accuracy of their financial reports.

ftc 5 billion dollar settlement with facebook slap on wrist

How Facebook FTC Settlement Affects You

New rules for sharing data with third-party apps and advertisers

The FTC ruling sets stricter standards for how Facebook deals with third-party apps and advertisers. Facebook is now required to remove third-party entities that don’t comply with Facebook’s policies or cannot reasonably justify their requests for specific data from Facebook’s users.

This means that these apps and advertisers no longer have carte-blanche access to user data and must explain exactly how and why that data will be used, but the exact standards for “justifying” requests are not defined. That lack of definition could lead to a lot of grey areas regarding these rules, but Facebook users have several tools for seeing how their data is brokered, and controlling access to it. Most importantly, this ruling doesn’t place limits on how Facebook can learn more about you; rather, it’s attempting to curb what Facebook sells to advertisers.

Better transparency for facial-recognition technology

Facebook now has to clearly alert users that it uses facial-recognition technology, be more forthcoming about how and why it’s used, and alert users if it updates its technology or functionality beyond what users were originally asked to agree to. The company also has to get express consent from users in order to opt them into facial recognition features in the first place—something it notoriously overlooked in the past.

We’ll likely see a better explanation of the technology and further refined opt-in/out user settings as a result of this ruling, but it’s important to point out that it doesn’t change current user settings—though we have a guide for reviewing and changing Facebook facial recognition settings.

New password storage requirements

Paradoxically, it was both shocking and unsurprising when reports exposed how Facebook’s poor password data protection. Thankfully, as per the FTC ruling, all password data must now be fully encrypted and the company is now required to regularly scan for plain text storage on its servers. Similarly, Facebook won’t be able to ask new users your email passwords to their other services, either.

Restricted collection of phone numbers

In the past, Facebook had ways of finding (and then distributing) your phone number, even if you didn’t supply such data in your profile. With this new FTC ruling, Facebook is now barred from “using” phone numbers it obtained through security features, such as two-step verification.

What’s unclear, however, is what exactly “using” means. Collecting them? Selling them? It’s hard to say, and that’s frustrating since Facebook has a habit of “accidentally” collecting phone numbers. Thankfully, there are ways to delete such information from your profile and keep Facebook from snooping around your device’s contact information.