All the money in the world! Facebook agrees to pay USD $5 billion for breaches of privacy laws

  • 13 Aug 2019
Key Points
  • Facebook has agreed to pay a record-breaking USD $5 billion fine for deceiving 80+ million users about its ability to protect their personal information.
  • The multibillion-dollar fine is in addition to a $100 million settlement under which Facebook will be required to hand over its privacy decisions to an independent privacy committee.

In a landmark decision, the Federal Trade Commission (FTC), the US consumer regulator, has announced that Facebook has agreed to pay a USD $5 billion (AUD $7.1 billion) fine for deceiving its 80+ million users about the social media giant’s ability to protect users’ personal information. The multibillion-dollar fine is in addition to a $100 million settlement with the US Securities and Exchange Commission (SEC).

According to the SEC, under the terms of the settlement:

  • CEO Mark Zuckerberg, alongside other compliance officers, will be required to certify that Facebook has taken steps to protect users’ privacy;
  • Facebook will have to relinquish some control over its privacy decisions which will be handed over to an independent privacy committee of the Facebook board of directors; and
  • the company will be subject to more stringent privacy requirements, including greater oversight over third party applications and the issue of notices in relation to facial recognition tools.

The fine is one of the largest regulatory penalties imposed by the US government and stems from findings that Facebook failed to ensure the destruction of personal information harvested by Cambridge Analytica. If the name sounds familiar, you may recall that in late 2015 the Guardian reported that Cambridge Analytica was assisting Ted Cruz’s presidential campaign by using psychological data harvested from tens of millions of Facebook users in an attempt to gain advantage over the Republican candidate’s competitors. According to the SEC, Facebook discovered the misuse of its users’ information at the time but did not correct its existing disclosure for more than 2 years. Facebook has not admitted or denied the SEC claims.

As to the question of whether the penalties are sufficient given the scale of the breaches, opinions are divided. FTC Chairman, Joe Simons, stated that “the relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations”. Others are not so convinced given that Facebook generated some $22 billion last year. In an open letter to the FTC, Richard Blumenthal of Connecticut and Senator Josh Hawley, a Missouri Republican, wrote “If the FTC is seen as a traffic police handing out speeding tickets to companies profiting off breaking the law, then Facebook and others will continue to push the boundaries”. The sentiment is mirrored by many who consider that Facebook, including its CEO Mark Zuckerberg, should face prosecution.

Despite the differences of opinion, the record-breaking fine must be considered against the backdrop of recent global changes to rein in privacy breaches and the prolific commoditisation of users’ data. The European Union and the UK have recently made positive strides towards reinforcing privacy protections via the General Data Protection Regulation (more colloquially referred to as the GDPR laws). Similarly, Australia has seen the introduction of the notifiable data breaches regime. These laws go a long way in giving people control over their data and impose strict notification obligations in circumstances where there has been a data breach.

The incident illustrates the need for vigilance and a proactive approach towards privacy protection in an ever-changing technology landscape.

Post by John Kell and Vanja Simic

