The Federal Trade Commission is negotiating a potentially record-high fine against Facebook for misleading users on its privacy practices.
Initial reports of the multibillion-dollar fine emerged last week. The fine would be the highest the FTC has ever levied against a technology company.
The reports of the fine have not been officially addressed or confirmed by the FTC or Facebook, but two individuals speaking on condition of anonymity with the Washington Post said that if the fine were to be imposed, it would settle the FTC’s ongoing investigation into Facebook.
The social media giant confirmed it continues to cooperate with the federal agency, but would not comment on whether or not there were negotiations over such a hefty fine.
In March 2018, the FTC opened its investigation into whether Facebook failed to honor its privacy promises and whether the company engaged in unfair acts that caused substantial injury to consumers in violation of the FTC Act, which outlaws unfair methods of competition.
Since Facebook has admitted that millions of Americans were likely affected by privacy breaches, a multibillion-dollar penalty could very well be within the limitations of an FTC fine.
“Each violation of an order may result in a fine of more than $41,000. Facebook has acknowledged that more than 70 million Americans were likely affected, so a multibillion-dollar fine would be well within the FTC’s authority,” the coordinator of the Privacy Coalition at the Electronic Privacy Information Center, Christine Bannan, said.
However, Bannan believes that this fine would not be enough to deter Facebook from engaging in unethical privacy practices that allow third parties to harvest users’ information.
“How the FTC handles this case will likely have a significant influence on the privacy debate in Congress,” Vice President of the Information Technology and Innovation Foundation Daniel Castro said.
“But there is also an important question about whether the FTC’s practice of obtaining consent orders and then enforcing those is the right approach, or whether there should be more standardized practices for how to handle consumer[s].”
The FTC is permitted to police the future actions of a company like Facebook only after a consent decree with the company has been signed. Facebook’s consent order was finalized in 2011, giving the FTC broad authority over the company for 20 years.
Facebook CEO Mark Zuckerberg appeared before Congress in April 2018 where he faced questions over Facebook’s privacy practices, especially after the scandal involving Cambridge Analytica, where several million users’ personal data was compromised.
Because Facebook allowed third-party developers to harvest user data, Cambridge Analytica was able to use American Facebook users’ information to target ads for the 2016 presidential campaign. Facebook is also being investigated by the U.K. Parliament because British user data was compromised and used in targeted ads in the run-up to the Brexit vote.
“Mark Zuckerberg had a lot of chutzpah telling Congress that Americans could control their data, when seemingly every other week Facebook faces a new privacy scandal for abusing our personal information,” Sen. Ron Wyden, D-Ore., said in a statement in December 2018.
Wyden believes it is Congress’ job to do something about Facebook’s handling of American users’ messages, locations, likes, and personal information. The conclusion of the FTC’s investigation could influence congressional action in tech privacy.
Previously, the largest fine levied by the FTC on a tech company was $22.5 million on Google, which it paid to settle a probe in 2012 after charges that it misrepresented privacy assurances to users of Apple’s Internet browser, Safari.
