Lawmakers, Privacy Advocates Slam FTC's Facebook Settlement

Critics Say the Deal Doesn't Do Enough to Protect Users' Privacy
Shortly after Facebook's $5 billion privacy settlement with the U.S. Federal Trade Commission was announced on Wednesday, a steady stream of privacy advocates and lawmakers began criticizing the deal, arguing that the social media giant still holds too much sway over its users' personal data.

Although a federal judge must still approve the deal, the FTC and U.S. Justice Department signed off on the agreement this week. It includes a number of provisions that Facebook must follow over the course of the next 20 years to ensure compliance with privacy requirements.

For example, the FTC noted that the settlement requires Facebook to create a new independent commission overseen by the company's board of directors that will take many of the user privacy decisions out of the hands of CEO Mark Zuckerberg, who must now submit quarterly and annual reports to the FTC about compliance with the settlement.

Facebook Slammed

Despite the record-setting fine and the new requirements to help protect users' privacy, many critics blasted the deal. That includes the two Democratic FTC commissioners who voted against it.

"While the order includes some encouraging injunctive relief, I am skeptical that its terms will have a meaningful disciplining effect on how Facebook treats data and privacy," Commissioner Rebecca Kelly Slaughter wrote in her dissent. "Specifically, I cannot view the order as adequately deterrent without both meaningful limitations on how Facebook collects, uses, and shares data and public transparency regarding Facebook's data use and order compliance."

Adam Schwartz, a senior staff attorney with the Electronic Frontier Foundation, a not-for-profit organization that advocates for digital privacy and free speech, writes in a blog that the public needs more details about how Facebook collects, uses and shares personal information - and how the company plans to fully implement the new requirements included in the settlement.

The settlement does nothing to diminish Facebook's market power when it comes to social media and internet advertising, Schwartz says. Too many Silicon Valley companies - including Facebook - practice "surveillance capitalism," where consumers are offered free services and tech firms collect behavioral data on them, often without them knowing, he adds (see: Consumer Privacy: Reasons for Optimism As Well As Concern).

One way to stop this, Schwartz says, is to enact a federal privacy law to protect consumers.

"Taken as a whole, this settlement is bad news for consumer privacy," Schwartz says. "But this is bigger than Facebook. Its surveillance-driven targeted ad business model is common across the web. To protect user’s privacy rights, we need solid consumer data privacy legislation."

The criticism of the Facebook deal with the FTC mirrors many of the same complaints from consumer advocates that greeted the announcement earlier this week that Equifax would pay hundreds of millions of dollars as part of a settlement tied to its 2017 data breach (see: Is the Equifax Settlement Good Enough?).

Lawmakers Weigh In

Several federal lawmakers expressed concerns about Facebook's continuing ability to collect users' personal data for financial gain.

The social media firm had $55.8 billion in revenue in 2018, and the company announced Wednesday that its second quarter net income for this year totaled $2.6 billion.

So even with a record fine, the FTC did little to hamper Facebook's ability to monetize its users' data through online advertising and giving access to third parties, some lawmakers say.

"The FTC failed to heed history," says U.S. Sen. Richard Blumenthal, D-Conn. "Facebook has written this penalty down as a one-time cost in return for the extraordinary profits reaped from a decade of data misuse. The American public is owed more than another Zuckerberg apology [and] an anemic FTC settlement."

Sen. Ron Wyden, D-Ore., called for new laws to hold executives such as Zuckerberg accountable when user data is abused.

But it wasn't only Democrats who criticized the FTC’s Facebook settlement.

Sen. Josh Hawley, R-Mo., also expressed his displeasure, saying in a tweet that the Justice Department needs to investigate tech companies’ practices, including how they collect user data and then sell it to third parties.

On Wednesday, Facebook acknowledged during the company's earnings call that it's a target of a federal antitrust investigation by the Justice Department, as U.S. Attorney General William Barr announced this week.

Even before the settlement with Facebook, Sen. Elizabeth Warren, D-Mass., and others have called for new laws to impose jail time for executives found guilty of misusing or not properly protecting customer data (see: Sen. Warren Wants CEOs Jailed After Big Breaches).

Defending the Settlement

The three Republican commissioners issued a joint statement defending the settlement they approved, noting the record fine as well as provisions that Facebook, along with its subsidiaries WhatsApp and Instagram, must follow.

"The $5 billion penalty assessed against Facebook today is orders of magnitude greater than in any other privacy case, and also represents almost double the greatest percentage of profits a court has ever awarded as a penalty in an FTC case," the Republican commissioners wrote Wednesday. "If the FTC had litigated this case, it is highly unlikely that any judge would have imposed a civil penalty even remotely close to this one."

Other Republicans also defended the Facebook settlement. For example, Reps. Greg Walden of Oregon and Cathy McMorris Rodgers of Washington, who serve on the House Energy and Commerce Committee, said that the agreement goes far in addressing many concerns.

"There are many questions about how the new requirements on Facebook will be enforced and what impact that will have on users’ privacy moving forward," the two wrote. "Those details will really matter, but what we do know is that this order covers a wide range of privacy and data security issues at Facebook, WhatsApp and Instagram."

In his own post about the settlement, Zuckerberg noted that the agreement gives the company a framework to help protect user data and privacy. He added that Facebook is planning to invest thousands of man hours to improve its network and infrastructure to address privacy issues.

"Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we'll have to document any risks and the steps we're taking to mitigate them," Zuckerberg says. "We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward."

About the Author

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and
