Thursday, November 30, 2023

Facebook Agreed to Pay Historic Penalty of $5 Billion & Provides New Tools For FTC To Monitor Facebook

Facebook finally agreed to pay a $5 billion penalty to the Federal Trade Commission for failing to protect its users’ privacy. The FTC also imposed new restrictions that change Facebook’s privacy model and create multiple new channels of compliance.

The $5 billion penalty is the highest ever imposed on any company for violating consumers’ privacy, or for any type of violation, by the U.S. Government, and it is 20 times larger than the highest penalty previously imposed for a violation of user privacy.

The $5 billion fine is not a big deal for Facebook, which made a profit of $22 billion last year on $56 billion in total revenue through its business model of advertising its customers’ products and services to more than a billion Facebook users.

According to FTC Chairman Joe Simons, “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”

New Restrictions on Facebook’s Privacy Model

Other than the penalty, Facebook is required to create multiple channels of compliance, and the order imposes new privacy requirements.

To protect users’ privacy in the future, Facebook committed to the FTC under a 20-year settlement order that requires it to make privacy decisions with greater transparency and holds Facebook accountable via overlapping channels of compliance.

Independent privacy committee – Facebook must set up an independent privacy committee at the board of directors level, removing unfettered control by Facebook’s CEO Mark Zuckerberg over decisions affecting user privacy.

Members of the privacy committee must be independent and will be appointed by an independent nominating committee.

Facebook’s privacy program – Facebook is required to set up a privacy program that strengthens external oversight of Facebook by enhancing the independent third-party assessors who can help Facebook’s privacy program based on fact-gathering, sampling, and testing.

The independent assessor will be required to report directly to the new privacy board committee on a quarterly basis. 

The privacy program should cover WhatsApp and Instagram, and Facebook must conduct a privacy review of every new or modified product before implementation.

Accountability at the individual level – Under this requirement, Facebook must designate new compliance officers who will be responsible for Facebook’s privacy program. The officers can be appointed by the new board privacy committee, not by Facebook’s CEO or Facebook employees.

Compliance officers and Facebook’s CEO must submit to the FTC quarterly certifications reporting compliance with the privacy program, along with an annual certification that the company is in overall compliance.

“The order also authorizes the FTC to use the discovery tools provided by the Federal Rules of Civil Procedure to monitor Facebook’s compliance with the order.”

Other Privacy Requirements Imposed By FTC

1. Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;

2. Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;

3. Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;

4. Facebook must establish, implement, and maintain a comprehensive data security program;

5. Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext;

6. Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.

Statement From Mark Zuckerberg

Facebook released an official statement about the penalty and new major changes in structure and privacy controls.

“We’ve formally reached a settlement with the Federal Trade Commission about privacy. We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company.”

“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”

“Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone,” Mark said in his Facebook statement.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
