The Federal Trade Commission’s (FTC) settlement with Facebook is not only forcing the social media giant to pay a record $5 billion fee, it’s also mandating that Facebook implement changes specifically aimed at stopping CEO Mark Zuckerberg from having “unfettered control […] over decisions affecting user privacy,” the agency said.
In a response to the settlement published on Facebook, Zuckerberg said his company will abide by the settlement as part of its continuing efforts to improve how it handles data, but also made clear he thinks the settlement terms, which we go into below, go beyond what U.S. law requires when it comes to user data privacy protection.
“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry,” he wrote. “Overall, these changes go beyond anything required under U.S. law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.”
The settlement stems from user data privacy concerns related to the Cambridge Analytica scandal, in which nearly 90 million Facebook users had their private information harvested without their knowledge by the data firm of that name.
Under the settlement terms, Facebook must establish an independent privacy committee composed of Facebook board members, Variety reports. The company also must appoint compliance officers to ensure Facebook’s actions concerning users’ privacy are in accordance with the terms of this settlement and a 2011 FTC settlement that ruled Facebook was “barred from making misrepresentations about the privacy or security of consumers’ personal information.”
Those compliance officers are required to be overseen by Facebook board members, not by Zuckerberg. However, both Zuckerberg and the compliance officers must submit separate quarterly reports — called certifications — showing Facebook is abiding by the settlement, plus an annual report on top of those that again certifies Facebook is handling users’ data properly.
If Zuckerberg or the compliance officers falsify any of their certification reports, they’ll be subject to individual civil and criminal penalties, per the settlement.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” FTC chairman Joe Simons said in a statement reported by Variety. The purpose of the settlement is “not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations,” Simons said.
In his response, Zuckerberg revealed that as a result of the settlement, Facebook has created a new role within the company: Chief Privacy Officer for Products. Who is taking over this role isn’t clear, aside from Zuckerberg saying it’s “one of our most experienced product leaders.”
Facebook is also on the hook for a $100 million fine owed to the Securities and Exchange Commission, announced today as well. That’s a separate case from the FTC’s, but deals with related data privacy matters; the SEC levied the fine because Facebook failed to tell investors about data breaches like Cambridge Analytica’s.