Following a year-long investigation into Facebook’s role in the Cambridge Analytica privacy saga (which we have written about previously here), the US Federal Trade Commission (FTC) and Facebook have reached a settlement whereby Facebook will be required to pay US $5.1 billion for violating a previous settlement order with the FTC.
Although the amount of US $5.1 billion has taken out the record for the largest privacy fine in history (being 20 times greater than the largest privacy/data security penalty previously imposed worldwide), critics including the two Democrats who opposed the settlement are not satisfied, claiming that it did not go far enough.
Significantly, the settlement does not require Facebook to make meaningful changes to its business model and the way it operates, allowing it to continue harvesting user data and targeting users through its powerful advertising business. This is in stark contrast with Australia’s recent recommendations made by the competition and consumer regulator in its digital platforms inquiry where it makes economy-wide recommendations that will impact current business practices (which we outline below and further summarise here).
In addition to paying a US $5.1 billion fine, which equates to only nine per cent of its 2018 revenue, Facebook will be required to make various improvements to the way it approaches data privacy, including through greater involvement and oversight at the most senior levels. Specifically, Facebook must:
Although these requirements go some way to ensuring oversight of Facebook’s compliance with its privacy program, the issue remains that Facebook itself will be creating its own privacy program to comply with.
More to come?
It is unlikely that it will end here for Facebook – it has also agreed to pay US $100 million to the Securities Exchange Commission for misleading its investors and is subject to ongoing investigations, including by the FTC for antitrust violations and European data protection authorities for contravening the General Data Protection Regulation potentially exposing Facebook to further hefty fines.
Not so fine in Australia
The FTC settlement with Facebook is very different to the recent recommendations made by Australia's competition and consumer regulator in its digital platforms inquiry where it expressly acknowledges the impact of the digital giants’ business operations on privacy, competition and consumer protection issues. The ACCC's recommendations, if implemented, will force changes to current business practices economy-wide. Key recommendations include:
Although Facebook was not required to make fundamental changes to its business model, it would be an opportune time for organisations reliant on user data to review and re-think their business models for privacy compliance in order to ensure long-term success and sustainability. Australian businesses economy-wide (including Facebook), will also need to do this in light of the ACCC’s recommendations once implemented, but for a wider range of issues including privacy, consumer and competition considerations.
Authors: Lisa Fitzgerald & Alicia Bray
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by Lisa Fitzgerald, Alicia Bray