The Federal Trade Commission confirmed on Wednesday it has agreed to a settlement by Facebook for violating consumer privacy in the Cambridge Analytica scandal, with the social network paying a $5 billion penalty and agreeing to new restrictions.
Reports of the settlement originally surfaced on July 12, with the FTC voting 3-2 to agree to the settlement. In a release issued on Wednesday, the FTC confirmed the settlement was agreed upon, is valued at $5 billion, and that Facebook has agreed to changes to how it operates and a modified corporate structure "that will hold the company accountable for the decisions it makes about its users' privacy."
The fine will settle the FTC charges Facebook violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.
The $5 billion fine is the largest imposed by the FTC on a company for violating a consumer's privacy, and is also the largest penalty for privacy or data security violations in the world. For comparison, the CFPB and States against Equifax privacy enforcement action saw the exchange of a $275 million fine, and the US versus Uber resulted in a $148 million fine.
Along with the financial penalty, Facebook is also ordered to restructure its approach to privacy from the corporate board-level down, creating multiple channels of compliance, and introduces new mechanisms to ensure executives are accountable for privacy decisions.
"Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers' choices," said FTC Chairman Joe Simons. "The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook's entire privacy culture to decrease the likelihood of continued violations."
Simons continued "The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law."
Notably, the FTC is holding executives for Cambridge Analytica accountable. It is not doing the same for Facebook executives.
Facebook's statement on the settlement advises "The agreement will require a fundamental shift in the way we approach our work and it will place additional responsibility on people building our products at every level of the company. It will mark a sharper turn toward privacy, on a different scale than anything we've done in the past."
The statement goes on to proclaim the company has made "large strides on privacy," insists it will be "more robust in ensuring we identify, assess, and mitigate privacy risk," and to acquire more input from experts outside the organization to tackle the issues.
At the same time as announcing the Facebook fine, the FTC also revealed it has sued Cambridge Analytica, as well as filing settlements for public comment with the firm's former chief executive Alexander Nix and developer Kogan. Both have agreed to administrative orders restricting how they conduct any business in the future, and requiring them to delete and destroy any collected personal information.
The FTC investigation commenced in March last year following the revelation Analytica and Cambridge University researcher Aleksandr Kogan used a quiz app on the social network to collect data on users and their connected friends, with the latter performed without consent. Analytica used the data to build voter profiles for some 71 million Americans and a small amount of overseas FaceBook users.
Clients of Analytica included the 2016 Presidential campaigns of Donald Trump and Ted Cruz, and Mexico's Institutional Revolutionary Party during Mexico's 2018 general election. The infringement of rights and the political use drew scrutiny from governments in both the United Kingdom and the United States.