All the money in the world! Facebook agrees to pay USD $5 billion for breaches of privacy laws

Key Points
  • Facebook has agreed to pay a record breaking USD $5 billion fine for deceiving 80+ million users about its ability to protect their personal information.
  • The multibillion dollar fine is in addition to a $100 million settlement under which Facebook will be required to hand over its privacy decisions to an independent privacy committee.

In a landmark decision, the Federal Trade Commission (FTC), the US consumer regulator, has announced that Facebook has agreed to pay a USD $5 billion (AUD $7.1 billion) fine for deceiving its 80+ million users about the social medial giant’s ability to protect user’s personal information. The multibillion dollar fine is in addition to a $100 million settlement with the US Securities Exchange Commission (SEC).

According to the SEC, under the terms of the settlement:

  • CEO Mark Zuckerberg, alongside other compliance officers, will be required to certify that Facebook has taken steps to protect users’ privacy;
  • Facebook will have to relinquish some control over its privacy decisions which will be handed over to an independent privacy committee of the Facebook board of directors; and
  • the company will be subject to more stringent privacy requirements, including greater oversight over third party applications and the issue of notices in relation to facial recognition tools.

The fine is one of the largest regulatory penalties imposed by the US government and stems from findings that Facebook failed to ensure the destruction of personal information harvested by Cambridge Analytica. If the name sounds familiar, you may recall that in late 2015 the Guardian reported that Cambridge Analytica was assisting Ted Cruz’s presidential campaign by using psychological data harvested from tens of millions of Facebook users in an attempt to gain advantage over the Republican candidate’s competitors. According to the SEC, Facebook discovered the misuse of its users’ information at the time but did not correct its existing disclosure for more than 2 years. Facebook has not admitted or denied the SEC claims.

As to the question of whether the penalties are sufficient given the scale of the breaches, opinions are divided. FTC Chairman, Joe Simons, stated that “the relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continue violations”. Others are not so convinced given that Facebook generated some $22 billion last year. In an open letter to the FTC, Richard Blumenthal of Connecticut and Senator Josh Hawley, a Missouri Republican wrote “If the FTC is seen as a traffic police handing out speeding tickets to companies profiting off breaking the law, then Facebook and others will continue to push the boundaries”. The sentiment is mirrored by many who consider that Facebook, including its CEO Mark Zuckerberg, should face prosecution.

Despite the differences of opinion, the record breaking fine must be considered against the backdrop of recent global changes to rein in privacy breaches and the prolific commoditisation of users’ data. The European Union and the UK have recently made positive strives towards reinforcing privacy protections via the General Data Protection Regulation (more colloquially referred to as the GDPR laws). Similarly, Australia has seen the introduction of the notifiable data breaches regime. These laws go a long way in giving people control over their data and impose strict notification obligations in circumstances where there has been a data breach.

The incident illustrates the need for vigilance and a proactive approach towards privacy protection in an ever-changing technology landscape.

Post by John Kell and Vanja Simic

 

Most Popular Articles

Blog

Service of Notices by Registered Post

Where service of a notice is authorised or required by post, unless the contrary intention appears, service will be deemed to be effected at the time when the notice would be delivered in the ordinary course of post: see the various Acts Interpretation acts of the States and Commonwealth.
Blog

Abandonment of employment – some best practice tips

We are regularly asked to advise employers in relation to whether certain circumstances amount to abandonment of employment and, if so, what are the employer’s rights and obligations.
  • 1 Mar 2017

Blog

Abolition of Duties – 1 July 2016

On 1 July 2016, mortgage duty, certain business asset duties and marketable duties (shares and units) are being abolished in New South Wales. 

Subscribe to Our Blog

Keeping you connected, Hicksons regularly publishes articles to keep you up to date on the latest developments. To receive these updates via email, please subscribe below and indicate which areas of law you would like to receive information on.

Top