Even in the year 2019, $5 billion is a lot of cash. The Federal Trade Commission’s penalty against Facebook in that amount for enabling Cambridge Analytica’s infamous waggery – resulting in the release of 50 million users’ personal data for political purposes – is the largest ever imposed on any company for violating consumer privacy. It’s 20 times bigger than any imposed anywhere in the world, the FTC boasted. But when you’re making $56 billion a year, some would say, you cut the check then buy yourself another island.
While Facebook’s “parking ticket” – as one critic called it – may not prompt dramatic and immediate change at Facebook, regulators, legislators, and especially Democratic political candidates are signaling their seriousness about shaking things up.
Dissenting commissioners at the FTC said CEO Mark Zuckerberg and COO Sheryl Sandberg personally should not have been granted immunity, and even questioned the legitimacy of the very business model that makes companies like Facebook so successful.
You couldn’t blame the leaders at Facebook and other platforms for losing a little shut-eye.
The DOJ is reviewing whether Facebook and other leading online platforms achieved and continue maintain their market power through illegally anticompetitive schemes. And, the Wall Street Journal has reported, the FTC is investigating whether Zuckerberg and his team bought out tech startups to keep them from competing with Facebook.
“The tech giant has acquired about 90 companies over roughly the last 15 years, according to data compiled by S&P Global. Among those companies are the photo-sharing app Instagram and the messaging service WhatsApp, which bolstered Facebook as a dominant force in social media and messaging,” according to an August 1 article by WSJ reporters Brent Kendall, John D. McKinnon and Deepa Seetharaman.
Acquiring new technologies and innovative companies can be part of a great growth strategy, just not when the purpose is to snuff them out.
More bad news for Facebook.
After a yearlong FTC investigation, the DOJ is suing Facebook for allegedly using deceptive disclosures and settings to undermine users’ privacy preferences in violation of a 2012 FTC order. These tactics allowed the company to share users’ personal information with third-party apps that were downloaded by users’ “friends.” The FTC alleges that many users were unaware that Facebook was sharing such information, so they didn’t know they could or needed to opt-out. The FTC says Facebook took inadequate steps to address apps that it knew were violating privacy policies.
When you are not only the face of a global conglomerate but insist on it, you are bound to draw attention.
The FTC stripped Zuckerberg of his “unfettered control” over Facebook’s privacy policies, ordering that he be replaced in that role with an independent privacy committee from the board of directors who will designate compliance officers. “These compliance officers will be subject to the approval of the new board privacy committee and can be removed only by that committee—not by Facebook’s CEO or Facebook employees,” the FTC said. Zuckerberg and compliance officers must independently submit quarterly certifications that the company complying with the program and annual compliance certifications. “Any false certification will subject them to individual civil and criminal penalties,” the FTC said.
Zuckerberg and Sandberg received plenty more unwanted attention from two dissenting FTC commissioners, Rohit Chopra and Rebecca Kelly Slaughter. They believe that not only was the $5 billion a light touch, so were the ramifications for the powerful CEO/COO duo.
“When executives at large companies exercise control over decisions, including decisions to break the law, they should be held accountable the same way executives at smaller companies are,” Slaughter wrote. “I believe the deterrence value of naming an individual defendant where the facts support doing so can be significant; the risk of liability can motivate both a named individual defendant and other executives in the market into ensuring a culture of compliance.”
“The grant of immunity for Facebook’s officers and directors is a giveaway,” Chopra wrote. “Facebook’s officers and directors were legally bound to ensure compliance with the 2012 order, yet the proposed settlement grants a gift of immunity for their failure to do so. The Commissioners supporting this settlement do not point to any documents or sworn testimony to justify this immunity.”
Chopra said it is entirely appropriate to charge directors and officers personally when they have broken the law themselves or allowed subordinates to act illegally. He said the FTC has held officers personally liable for civil penalties in similar cases.
“The insufficient scrutiny of these individuals deviates from FTC practice and Department of Justice guidelines. When it comes to small firms, Commission staff routinely investigates, deposes, and charges individual executives – including for privacy violations,” Chopra wrote. “Americans should ask why Mark Zuckerberg, Sheryl Sandberg, and other executives are being given this treatment, while leaders of small firms routinely face investigations, hearings, and charges. Law enforcement should enforce the law equally.”
Chopra said Facebook’s violations were not only enabled by leadership but by the behavioral advertising business model itself. Facebook “monetizes user behavior through mass surveillance,” the commissioner said, adding that Cambridge Analytica’s tactics reflected Facebook’s practices — “tricking users into sharing excessive amounts of personal data and then getting paid by third parties to target individual users.” The settlement does not change the company’s business model, he said, adding that it also poses a “dangerous threat” to our democracy and the economy.
Whether the $5 billion fine is adequate is debatable. On one hand it is record breaking, but on the other hand it is just one month of revenues. Similarly, while requiring Facebook to obtain “purpose and use” certifications from developers using Facebook user data is a positive step, the FTC could have taken the opportunity, for example, to limit the level of access Facebook may grant to developers once disclosure is made. But one thing is certain: Facebook’s problems did not end with the fine.
This article was edited by Tom Hagy for MoginRubin.