EAST PROVIDENCE, R.I. (WPRI) – Facebook will pay a record-breaking $5 billion fine for violating consumers’ privacy, according to the Federal Trade Commission.
The sweeping settlement was announced Wednesday morning.
According to the FTC, Facebook violated a 2012 order, which required the social media giant to obtain consumer consent before sharing personal information beyond individuals’ privacy settings.
The FTC alleges the company shared users’ information with third-party apps that were downloaded by the user’s Facebook “friends.” According to the FTC, many users were unaware that Facebook was sharing the information.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” FTC Chairman Joe Simons said in a statement.
Mark Zuckerberg, Facebook’s founder, responded to the settlement.
“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry,” Zuckerberg said.
Congressman David Cicilline reacted to the settlement, calling it a, “Christmas present five months early.”
“It’s very disappointing that such an enormously powerful company that engaged in such serious misconduct is getting a slap on the wrist,” Cicilline said. “This fine is a fraction of Facebook’s annual revenue. It won’t make them think twice about their responsibility to protect user data.”
In addition to the $5 billion penalty – which will go to the U.S. Treasury’s general fund – Facebook is also facing new privacy requirements.
According to the FTC, the privacy overhaul includes several measures:
- Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
- Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
- Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
- Facebook must establish, implement, and maintain a comprehensive data security program;
- Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
- Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.
Facebook made $55.8 billion in 2018, according to the FTC.
The company has not yet commented publicly about the fine.