After the numerous privacy scandals, Facebook will have to pay $5,000 million of fine for not protecting the data of its users as established in its 2012 agreement, as announced by the Federal Trade Commission in the United States. It is a historic fine, the largest ever imposed by the US on a company.
In addition to the fine, Facebook has also accepted the imposition of a supervisory board to review practices on the use of its users’ data. An independent body of directors to “control without restrictions” the company’s decisions regarding privacy. These members will be elected by another committee and may only be dismissed if two-thirds agree.
A fine equivalent to 9% of Facebook’s revenue in 2018
The $5,000 million fine is much greater than the $22.5 million fine imposed on Google for its anti-privacy practices. It is also similar to the historic fine that the European Union put on Google Android which was 4,340 million euros.
This is undoubtedly a forceful movement by the FTC, which to date had not been as strict as the European Commission in filing fines. This amount represents approximately 9% of the company’s revenues in 2018.
The FTC’s decision began in March 2018, when the investigation occurred in the wake of the Cambridge Analytica events. Separately, the US Securities and Exchange Commission has also announced that they will fine Facebook with $100 million for making misleading statements about the risk of misuse of the data. A second fine that is completely eclipsed by the value of the one filed by the FTC.
Facebook must notify the independent advisors quarterly, notifying them with a maximum period of 30 days if the privacy has been compromised or there have been incidents with the data of 500 or more users.
These are some of the measures imposed by the FTC that Facebook must comply with in addition to paying the fine established:
- Facebook must exercise greater supervision over third-party applications, including applications from developers that do not certify that they comply with the platform’s policies.
- Facebook is prohibited from using the telephone numbers obtained to enable a security feature (for example, two-factor authentication) for advertising.
- Facebook must provide clear and noticeable notice of its use of facial recognition technology and obtain express consent before any use that substantially exceeds its disclosure.
- Facebook must establish, implement and maintain a comprehensive data security program.
- Facebook must encrypt user passwords and scan regularly to detect if passwords are stored in plain text.
- Facebook is prohibited from requesting email passwords to other services when consumers sign up to receive their services.
An agreement to change the dynamics of Facebook
From his personal Facebook account, Mark Zuckerberg has confirmed this agreement and remarked that “in general, these changes go beyond what is required by United States law. The reason I support it is that I think they will reduce the number of mistakes we make and will help us offer stronger privacy protections for everyone. “