Friday, March 29, 2024

Facebook Agreed to Pay Historic Penalty of $5 Billion & Provides New Tools For FTC To Monitor Facebook

Facebook has finally agreed to pay a $5 billion penalty to the Federal Trade Commission for failing to protect its users’ privacy. The FTC has also imposed new restrictions that change Facebook’s privacy model and create multiple new channels of compliance.

$5 billion is the highest penalty the U.S. government has ever imposed on a company for violating consumers’ privacy, and one of the largest penalties it has assessed for any type of violation; it is 20 times larger than the previous highest penalty for violating user privacy.

The $5 billion fine is not a big deal for Facebook, which made a profit of $22 billion last year on $56 billion in total revenue through an advertising business model that promotes its customers’ products and services to more than a billion Facebook users.

According to FTC Chairman Joe Simons, “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”

New Restrictions on Facebook’s Privacy Model

Beyond the penalty, Facebook is required to create multiple channels of compliance and to meet new privacy requirements.

To protect users’ privacy in the future, Facebook has committed to a 20-year settlement order with the FTC that requires it to make privacy decisions with greater transparency and holds Facebook accountable through overlapping channels of compliance.

Independent privacy committee – Facebook must set up an independent privacy committee at the board-of-directors level, removing the unfettered control that Facebook CEO Mark Zuckerberg has had over decisions affecting user privacy.

Members of the privacy committee must be independent and will be appointed by an independent nominating committee.

Facebook’s privacy program – Facebook is required to set up a privacy program that strengthens external oversight of the company through independent third-party assessors, who will evaluate Facebook’s privacy program based on fact-gathering, sampling, and testing.

The independent assessor will be required to report directly to the new board privacy committee on a quarterly basis.

The privacy program must cover WhatsApp and Instagram, and Facebook must conduct a privacy review of every new or modified product before implementation.

Accountability at the individual level – Under this requirement, Facebook must appoint new compliance officers who will be responsible for Facebook’s privacy program; these officers are appointed by the new board privacy committee, not by Facebook’s CEO or Facebook employees.

The compliance officers and Facebook’s CEO must submit quarterly certifications to the FTC reporting compliance with the privacy program, as well as an annual certification that the company is in overall compliance.

“The order also authorizes the FTC to use the discovery tools provided by the Federal Rules of Civil Procedure to monitor Facebook’s compliance with the order.”

Other Privacy Requirements Imposed By FTC

1. Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;

2. Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;

3. Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;

4. Facebook must establish, implement, and maintain a comprehensive data security program;

5. Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext;

6. Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.

Statement From Mark Zuckerberg

Facebook released an official statement about the penalty and the major changes to its structure and privacy controls.

“We’ve formally reached a settlement with the Federal Trade Commission about privacy. We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company.”

“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.”

“Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone,” Zuckerberg said in his Facebook statement.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
