Did you hear about the huge data-privacy violation of over 87 million users that came to light in March of 2018? It is just one of many problems Facebook admitted to and issued apologies for in 2018. So why are we hearing about it again now? Last week, the Federal Trade Commission issued a $5 billion fine to Facebook for the fiasco, and Facebook has agreed to pay it, expressing its desire to do and be better. This is a part of Washington’s effort to rein in tech companies’ overextending power.
But the $5 billion fine isn’t the only thing that Facebook is agreeing to; the FTC also stipulated that Facebook create an independent privacy committee–a sub-committee of the board of directors–to oversee new changes that Facebook makes. Facebook also agreed to sign regular certifications about it’s actions towards user privacy. At the same time, the Securities and Exchange Commission announced that Facebook will be paying another fine of $100 million for “making misleading disclosures regarding the risk of misuse of Facebook user data,” referring to the same privacy violation as the FTC.
There has been some concern raised since the settlement has been announced, and here are the answers to some common questions about it:
Why is Facebook being fined?
The FTC is calling Facebook responsible for the unauthorized access of the data of more than 87 million users. A third party Facebook app, GSR, who had access to this information, sold it to Cambridge Analytica, who then used it to create targeted ads in the 2016 Presidential Election. The app was for a personality quiz, and had access to information like users’ names and their connections. Cambridge Analytica reported that no data was used and was deleted, but insiders say otherwise. Facebook is responsible because
This fine is also in consequence of allegations from the FTC that Facebook violated another settlement which it made with the FTC in 2012, which stated that “Facebook must honor consumers’ privacy choices.”
The FTC is also saying that Facebook did not “adequately assess and address privacy risks posed by third-party developers” as well as deceived some users by implying that a facial recognition service wasn’t enabled by default, when, in fact, it was.
The final nail in Facebook’s coffin was the complaint that they used phone numbers that users provided to Facebook for security purposes to target ads.
What do people think about the settlement?
There are mixed opinions about the FTC-Facebook settlement. Senator Edward Markey, from Massachusetts said, “a $5 billion fine may appear large, but it amounts to a slap on the wrist in comparison to the revenue that Facebook rakes in.” He and others are also concerned about the lack of safeguards created to inhibit further privacy violations. Senator Josh Hawley from Missouri tweeted, “This settlement does nothing to change Facebook’s creepy surveillance of its own users & the misuse of user data.”
The Electronic Privacy Information Center (EPIC) also thinks that $5 billion is not enough and has challenged the settlement, saying that it was not “ adequate, reasonable, or appropriate.” EPIC also stated that the settlement would dissolve 26,000 complaints by consumers pending at the FTC, and asked that they (EPIC—and others who wished) be heard before the finalization of the settlement.
Some, however, are satisfied with the decision, as was indicated by the rise in Facebook’s stock after the announcement of the settlement. Facebook users don’t seem too concerned about it either with Facebook still reporting high usage of their platform–2.41 billion users monthly logging in to facebook.
What does this mean for our data?
If Facebook’s choices in the past are any indication of how they will act moving forward, we should remain skeptical that improvements will be made to their privacy policies. However, Facebook remains apologetic and affirms its willingness to comply with the settlement. About the new changes the FTC is requiring Facebook to make, Zucherberg said, “We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.” A statement from three members the FTC, Christine Wilson, Noah Phillips, and Joseph Simmons, is also comforting, saying that Zuckerberg and the compliance officials would be personally accountable for inaccurate certifications, answering to civil and criminal penalties.
If Facebook does fulfill its promises to comply with the stipulations from the FTC in the settlement, we can see some positive improvements in Facebook’s actions with user privacy, including being more transparent about what data is sold to other entities, and more in-depth screening of 3rd party applications on Facebook.
However, if Facebook does not comply with the settlement, users of Facebook can expect to find their data in places they don’t suspect (although they should). For example, with the current screening process for 3rd party apps, it would be easy for cyber criminals to create an app and capture user information.
Our tip of the day? Be cautious which apps you are using on Facebook and double check your privacy settings. How much do you value your data?