
Facebook Agreed to Pay Historic Penalty of $5 Billion & Provides New Tools For FTC To Monitor Facebook


Facebook has agreed to pay a $5 billion penalty to the Federal Trade Commission for failing to protect its users' privacy. Alongside the penalty, the FTC imposed new restrictions that change Facebook's privacy model and create multiple new channels of compliance.

$5 billion is the largest penalty ever imposed on a company for violating consumers' privacy, and one of the largest penalties ever assessed by the U.S. government for any violation; it is almost 20 times greater than the largest previous penalty for a privacy violation.

The $5 billion fine is not a big deal for Facebook, which made a profit of $22 billion last year on $56 billion in total revenue, a business built on advertising its customers' products and services to more than a billion Facebook users.


According to FTC Chairman Joe Simons: “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”

New Restrictions on Facebook’s Privacy Model

Beyond the penalty, Facebook is required to create multiple channels of compliance and to meet new privacy requirements.

To protect users' privacy going forward, Facebook committed to a 20-year settlement order with the FTC that requires it to restructure how it makes privacy decisions, boosting the transparency of decision-making and holding Facebook accountable through overlapping channels of compliance.

Independent privacy committee – Facebook must establish an independent privacy committee at the board-of-directors level, removing the unfettered control that Facebook’s CEO Mark Zuckerberg has had over decisions affecting user privacy.

Members of the privacy committee must be independent and will be appointed by an independent nominating committee.

Facebook’s privacy program – Facebook is required to establish a privacy program that strengthens external oversight of the company by enhancing the role of independent third-party assessors, who evaluate the privacy program through fact-gathering, sampling, and testing.

The independent assessor will be required to report directly to the new board privacy committee on a quarterly basis.

The privacy program must also cover WhatsApp and Instagram, and Facebook must conduct a privacy review of every new or modified product before it is implemented.

Accountability at the individual level – Under this requirement, Facebook must designate compliance officers who are responsible for Facebook’s privacy program. They are appointed by the new board privacy committee, not by Facebook’s CEO or Facebook employees.

The compliance officers and Facebook’s CEO must submit quarterly certifications to the FTC that the company is in compliance with the privacy program, as well as an annual certification that the company is in overall compliance with the order.

“The order also authorizes the FTC to use the discovery tools provided by the Federal Rules of Civil Procedure to monitor Facebook’s compliance with the order.”

Other Privacy Requirements Imposed By FTC

1. Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;

2. Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;

3. Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;

4. Facebook must establish, implement, and maintain a comprehensive data security program;

5. Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext;

6. Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.
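Item 5 says “encrypt”, but the accepted practice for stored passwords is a salted, deliberately slow hash (scrypt, bcrypt or Argon2) rather than reversible encryption, and that is what the following added example uses. It is not Facebook’s code and not part of the FTC order. It pairs a scrypt-based hash_password/verify_password with two scanners of the kind a recurring plaintext-password check would run: one over credential records, flagging any “password” field that is not in a recognised hash encoding, and one over log lines, flagging key=value or JSON fields that carry a credential verbatim while ignoring hashes and redaction markers. The record layout, field names, log format and sample data are assumptions constructed for the example.

```python
# Added example (not Facebook's code, not from the FTC order): hash passwords
# with scrypt and scan records and log lines for credentials left in the clear.
# Record layout, field names, log format and sample data are assumptions.
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# scrypt cost parameters; N=2**14, r=8, p=1 needs about 16 MiB per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a PHC-style string: $scrypt$ln=14,r=8,p=1$<salt>$<hash>."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    ln = SCRYPT_N.bit_length() - 1
    return f"$scrypt$ln={ln},r={SCRYPT_R},p={SCRYPT_P}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[1] != "scrypt":
        return False  # unknown or plaintext encoding: never "verify" against it
    params = dict(kv.split("=", 1) for kv in parts[2].split(","))
    digest = hashlib.scrypt(password.encode("utf-8"), salt=_unb64(parts[3]),
                            n=2 ** int(params["ln"]), r=int(params["r"]),
                            p=int(params["p"]), dklen=32)
    return hmac.compare_digest(digest, _unb64(parts[4]))


# Modular-crypt / PHC prefixes of well-known password hash encodings.
HASH_PREFIX = re.compile(r"^\$(scrypt|argon2(id|i|d)|2[abxy]|pbkdf2-sha\d+|[56])\$")


def looks_hashed(value: str) -> bool:
    return bool(HASH_PREFIX.match(value))


def scan_records(records: List[dict]) -> List[str]:
    """Return ids of records whose 'password' field is not in a recognised hash format."""
    return [r["user_id"] for r in records if not looks_hashed(r["password"])]


# key=value and "key":"value" forms in which a credential gets written out verbatim.
LOG_PASSWORD = re.compile(r"""(?i)\b(password|passwd|pwd)["']?\s*[=:]\s*["']?([^\s"',}]+)""")
REDACTED = re.compile(r"^(\*+|\[redacted\]|<redacted>)$", re.I)


def scan_log_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, value) for lines that appear to carry a plaintext password.
    Values that are hashes ($...) or redaction markers are ignored."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_PASSWORD.search(line)
        if m and not m.group(2).startswith("$") and not REDACTED.match(m.group(2)):
            hits.append((number, m.group(2)))
    return hits


# Constructed sample data (not real records or logs).
SAMPLE_RECORDS = [
    {"user_id": "u1001", "password": hash_password("correct horse battery staple")},
    {"user_id": "u1002", "password": "hunter2"},              # stored in the clear
    {"user_id": "u1003", "password": "$2b$12$" + "x" * 53},   # bcrypt-shaped
]
SAMPLE_LOG = [
    "10:02:11 INFO login ok user=u1001",
    '10:02:12 DEBUG auth body: {"user":"u1002","password":"hunter2"}',
    "10:02:13 DEBUG reset issued user=u1003 password=[REDACTED]",
]

if __name__ == "__main__":
    print("plaintext records:", scan_records(SAMPLE_RECORDS))   # ['u1002']
    print("plaintext in logs:", scan_log_lines(SAMPLE_LOG))     # [(2, 'hunter2')]
```

The record scanner is deliberately format-based: anything that does not carry a known hash prefix is reported, so a field that is merely base64 or hex of the raw password is still caught. The log scanner is a heuristic; in practice it would be one rule among several run on a schedule over the stores and log pipelines where credentials could end up.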

Statement From Mark Zuckerberg

Facebook released an official statement about the penalty and the major changes to its structure and privacy controls.

“We’ve formally reached a settlement with the Federal Trade Commission about privacy. We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company.”

“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”

“Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone,” Zuckerberg said in his Facebook statement.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
