Facebook finally agreed to pay $5 billion penalty from the Federal Trade Commission for the failure to protect its user’s privacy and FTC also imposes new restrictions to change the Facebook privacy model and creating multiple channels of new compliance.
$5 Billion is the highest penalty ever imposed on any other companies for violating consumers’ privacy or any type of violation by U.S Government, and it is 20 times biggest than the highest penalty for the violation of user privacy.
The $5 billion fine is not a big deal for Facebook which made a profit of $22 billion last year on $56 billion in total revenue through the business model advertisement for its customer’s product and service among more than billion Facebook users.
According to FTC Chairman Joe Simons “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.
New Restrictions on Facebook’s Privacy Model
Other than the Penalty, Facebook required to create multiple channels of compliance and imposes the new privacy requirements.
In order to prevent the user’s privacy in the future, Facebook Committed to FTC with the settlement order for 20 years that requires to makes privacy decisions by boosting the transparency of decision making and holding Facebook accountable via overlapping channels of compliance.
Independent privacy committee – Facebook must set up the independent privacy committee in the board of directors level and removing unfettered control by Facebook’s CEO Mark Zuckerberg over decisions affecting user privacy.
Members of the privacy committee must be independent and will be appointed by an independent nominating committee.
Facebook’s privacy program- Facebook requires to set up Facebook’s privacy program to strengthens external oversight of Facebook by enhances the independent third-party assessor’s who can help Facebook’s privacy program based on the fact-gathering, sampling, and testing.
The independent assessor will be required to report directly to the new privacy board committee on a quarterly basis.
Privacy program should cover the WhatsApp and Instagram, Facebook must conduct a privacy review of every new or modified product before implementation.
Accountability at the individual level – Under this Compliance, Facebook required to set up new compliance officers who will be responsible for Facebook’s privacy program and officers can be appointed by the new board privacy committee, not by Facebook’s CEO or Facebook employees.
Compliance officers and Facebook CEO must submit the FTC quarterly certifications with the report of compliance with the privacy program and the annual certification that the company is in overall compliance.
“The order also authorizes the FTC to use the discovery tools provided by the Federal Rules of Civil Procedure to monitor Facebook’s compliance with the order.”
Other Privacy Requirements Imposed By FTC
1. Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
2. Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
3. Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
4. Facebook must establish, implement, and maintain a comprehensive data security program;
5. Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext;
6. Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.
Statement From Mark Zuckerberg
Facebook released an official statement about the penalty and new major changes in structure and privacy controls.
“We’ve formally reached a settlement with the Federal Trade Commission about privacy. We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company.”
“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”
Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone. Mark said in his Facebook statement.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.