Governance & Risk Management , IT Risk Management , Privacy
Lawmakers, Privacy Advocates Slam FTC's Facebook Settlement
Critics Say the Deal Doesn't Do Enough to Protect Users' PrivacyShortly after Facebook's $5 billion privacy settlement with the U.S. Federal Trade Commission was announced on Wednesday, a steady stream of privacy advocates and lawmakers began criticizing the deal, arguing that the social media giant still holds too much sway over its users' personal data.
See Also: Accelerate Your Mission with Elastic as a Global Data Mesh
Although a federal judge must still approve the deal, the FTC and U.S. Justice Department signed off on the agreement this week. It includes a number of provisions that Facebook must follow over the course of the next 20 years to ensure compliance with privacy requirements.
For example, the FTC noted that the settlement requires Facebook to create a new independent commission overseen by the company's board of directors that will take many of the user privacy decisions out of the hands of CEO Mark Zuckerberg, who must now summit quarterly and annual reports to the FTC about compliance with the settlement.
Facebook Slammed
Despite the record-setting fine and the new requirements help protect users' privacy, many critics blasted the deal. That includes the two Democratic FTC commissioners who voted against it.
"While the order includes some encouraging injunctive relief, I am skeptical that its terms will have a meaningful disciplining effect on how Facebook treats data and privacy," Commissioner Rebecca Kelly Slaughter wrote in her dissent. "Specifically, I cannot view the order as adequately deterrent without both meaningful limitations on how Facebook collects, uses, and shares data and public transparency regarding Facebook's data use and order compliance."
The $5B is not enough given the scope of the offenses and FB's financial position. The harm that flowed from FB's misconduct included the Cambridge Analytica efforts to manipulate voters (incl in 2014) - that's just one example. This is about the institutions of our democracy.
— Rebecca Kelly Slaughter (@RKSlaughterFTC) July 24, 2019
Adam Schwartz, a senior staff attorney with the Electronic Frontier Foundation, a not-for-profit organization that advocates for digital privacy and free speech, writes in a blog that the public needs more details about how Facebook collects, uses and shares personal information - and how the company plans to fully implement the new requirements included in the settlement.
The settlement does nothing to diminish Facebook's market power when it comes to social media and internet advertising, Schwartz says. Too many Silicon Valley companies – including Facebook - practice "surveillance capitalism," where consumers are offered free services and tech firms collect behavioral data on them, often without them knowing, he adds (see: Consumer Privacy: Reasons for Optimism As Well As Concern).
One way to stop this, Schwartz says, is to enact a federal privacy law to protect consumers.
"Taken as a whole, this settlement is bad news for consumer privacy," Schwartz says. "But this is bigger than Facebook. Its surveillance-driven targeted ad business model is common across the web. To protect user’s privacy rights, we need solid consumer data privacy legislation."
The criticism of the Facebook deal with the FTC mirrors many of the same complaints from consumer advocates that greeted the announcement earlier this week that Equifax would pay hundreds of millions dollars as part of a settlement tied to its 2017 data breach (see: Is the Equifax Settlement Good Enough?).
Lawmakers Weigh In
Several federal lawmakers expressed concerns about Facebook's continuing ability to collect users' personal data for financial gain.
The social media firm had $55.8 billion in revenue in 2018, and the company announced Wednesday that its second quarter net income for this year totaled $2.6 billion.
So even with a record fine, the FTC did little to hamper Facebook's ability to monetize its users' data through online advertising and giving access to third parties, some lawmakers say.
"The FTC failed to heed history," says U.S. Sen. Richard Blumenthal, D-Conn. "Facebook has written this penalty down as a one-time cost in return for the extraordinary profits reaped from a decade of data misuse. The American public is owed more than another Zuckerberg apology [and] an anemic FTC settlement."
Sen. Ron Wyden, D-Ore., called for new laws to hold executives such as Zuckerberg accountable when user data is abused.
This sweetheart deal gives Facebook blanket immunity after it misused and abused consumers' privacy. We need strong, enforceable laws on the books to hold executives accountable. https://t.co/KUYnTh05wE
— Ron Wyden (@RonWyden) July 24, 2019
But it wasn't only Democrats who criticized the FTC’s Facebook settlement.
Sen. Josh Hawler, R-Mo., also expressed his displeasure, saying in a tweet that the Justice Department needs to investigate tech companies’ practices, including how they collect user data and then sell it to third parties.
This is very disappointing. This settlement does nothing to change Facebook’s creepy surveillance of its own users & the misuse of user data. It does nothing to hold executives accountable. It utterly fails to penalize Facebook in any effective way. https://t.co/kJjGwUNiRv
— Josh Hawley (@HawleyMO) July 24, 2019
On Wednesday, Facebook acknowledged during the company's earnings call that it's a target of a federal antitrust investigation by the Justice Department, as U.S. Attorney General William Barr announced this week.
Even before the settlement with Facebook, Sen. Elizabeth Warren, D-Mass., and others have called for new laws to impose jail time for executives found guilty of misusing or not properly protecting customer data (see: Sen. Warren Wants CEOs Jailed After Big Breaches).
Defending the Settlement
The three Republican commissioners issued a joint statement defending the settlement they approved, noting the record fine as well as provisions that Facebook, along with its subsidiaries WhatsApp and Instagram, must follow.
"The $5 billion penalty assessed against Facebook today is orders of magnitude greater than in any other privacy case, and also represents almost double the greatest percentage of profits a court has ever awarded as a penalty in an FTC case," the Republican commissioners wrote Wednesday. "If the FTC had litigated this case, it is highly unlikely that any judge would have imposed a civil penalty even remotely close to this one."
Other Republicans also defended the Facebook settlement. For example, Reps. Greg Walden, of Oregon and Cathy McMorris Rodgers of Washington, who serve on the House Energy and Commerce Committee, said that the agreement goes far in addressing many concerns.
"There are many questions about how the new requirements on Facebook will be enforced and what impact that will have on users’ privacy moving forward," the two wrote. "Those details will really matter, but what we do know is that this order covers a wide range of privacy and data security issues at Facebook, WhatsApp and Instagram."
In his own post about the settlement, Zuckerberg noted that the agreement gives the company a framework to help protect user data and privacy. He added that Facebook is planning to invest thousands of man hours to improve its network and infrastructure to address privacy issues.
"Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we'll have to document any risks and the steps we're taking to mitigate them," Zuckerberg says. "We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward."