Facebook and the Federal Trade Commission have reached a settlement: the social network will have to pay a record $5 billion fine and, work harder to secure its users’ information.
After a yearlong investigation by the FTC, which alleged Facebook took “inadequate steps to deal with apps that it knew were violating its platform policies.” Today Facebook has agreed to pay a fine 20 times larger than the previous record.
FTC Chairman Joe Simons said in a statement:
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices. The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”
On top of the fine, the FTC is also requiring Facebook to implement a number of new policies to protect user data and prevent any future issue with privacy:
- Creating oversight over third-party apps, which will include terminating developers that don’t comply with Facebook’s privacy policies.
- Banning the use of telephone numbers used for security for advertising.
- Providing “clear and conspicuous notice” of the use of facial-recognition technology and requiring consent from users before using it for anything that “materially exceeds its prior disclosures.”
- Establishing, implementing and maintaining a “comprehensive data security program.”
- Encrypting user passwords and regularly scanning to detect whether any where stored in plaintext.
- Banning Facebook from asking for email passwords when they sign up for the social network’s services.
The FTC is also ordering Facebook to create an independent privacy committee of Facebook’s board of directors, to prevent CEO Mark Zuckerberg from having “unfettered control” over the company’s decisions about user privacy.