US Federal Trade Commission today imposed a record breaking $5 billion penalty on Facebook for violating the 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons. “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”
Responding to FTC’s fine, Facebook said that it will require a fundamental shift in the way they approach their work. From now on, Facebook is going to follow a rigorous design process and individual certifications intended to ensure that its privacy controls are working. Facebook has also formed a committee among its board of directors that will meet quarterly to ensure Facebook is living up to its commitments. You can read Facebook’s full response from the source link below.
Facebook CEO Mark Zuckerberg posted the following on his Facebook page regarding FTC’s fine.
We’ve formally reached a settlement with the Federal Trade Commission about privacy. We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company.
We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.
As part of this settlement, we’re bringing our privacy controls more in line with our financial controls under the Sarbanes-Oxley legislation. Our executives, including me, will have to certify that all of the work we oversee meets our privacy commitments. Just as we have an audit committee of our board to oversee our financial controls, we’ll set up a new privacy committee of our board that will oversee our privacy program. We’ve also asked one of our most experienced product leaders to take on the role of Chief Privacy Officer for Products.
To implement this, we’ll have to review our technical systems to document any privacy risks and how we’re handling them. Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we’ll have to document any risks and the steps we’re taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward.
Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.
As we build our privacy-focused vision for the future of social networking that I outlined earlier this year, it’s critical we get this right. The next focus for our company is to build privacy protections as strong as the best services we provide. I’m committed to doing this well and delivering the best private social platform for our community.