Following a lengthy negotiation process that took months, Facebook today agreed to pay a $5 billion fine to the US Federal Trade Commission (FTC) for user data privacy violations. The FTC’s inquiry started after the Cambridge Analytica scandal last year, in which the personal data of millions of Facebook users was harvested without their consent and used for political advertising purposes.
As part of the settlement, Facebook is promising to employ much better data privacy safeguards in the future. In the company’s own words:
“We will be more robust in ensuring that we identify, assess and mitigate privacy risk. We will adopt new approaches to more thoroughly document the decisions we make and monitor their impact. And we will introduce more technical controls to better automate privacy safeguards.”
Facebook is currently reviewing its systems, looking for issues related to privacy leaks, and will “work swiftly to address them” once they’re found. It also says it will be “more diligent” in how it monitors for abuse, and will require developers to be accountable for the way they use data and comply with its policies.
The company claims its two driving concepts from now on will be “transparency and accountability”, with quarterly certifications verifying that its privacy controls are working. This process “stops at the desk” of Mark Zuckerberg, who will personally “sign his name to verify” that Facebook did what it said it would.
There’s also going to be a new committee of Facebook’s board of directors meeting quarterly to ensure it’s living up to its privacy-related commitments. This committee will be informed by an independent privacy assessor, whose job it is to review the privacy program and report to the board when they see opportunities for improvement.
The FTC and the US Justice Department will have “clear lines of sight at any given point” into how effectively Facebook is meeting its new responsibilities, and the company will even expand its efforts to gain input from outside experts to make sure everything is safe and sound when it comes to user data.
Additionally, Facebook agreed to pay a $100 million penalty to the US Securities and Exchange Commission for failing to say enough in its investor disclosures about the Cambridge Analytica data abuse once it discovered, in late 2015, that a developer had transferred user data to Cambridge Analytica in violation of its policies.
All of this sounds very good, but only time will tell if Facebook has truly learned its lesson and will stop playing fast and loose with its users’ private data.