On July 24, 2019, the Federal Trade Commission (“FTC”) handed Facebook a $5 billion penalty for continuously misrepresenting to its users how it was sharing their personal data. The $5 billion penalty is the largest civil penalty imposed for a data privacy violation and puts companies on notice that the FTC is serious about how companies collect, use and share personal data. Pursuant to the terms of the settlement agreement, in addition to the $5 billion penalty, Facebook is required to: 1) create a new Board of Directors committee focused solely on privacy-related risks and compliance matters (effectively removing decisions involving consumer privacy from Facebook CEO Mark Zuckerberg); and 2) submit quarterly certification reports attesting to the fact that Facebook is in compliance with the FTC order and Facebook’s privacy program. These measures have been implemented as a result of Facebook’s violation of a 2012 settlement order with the FTC, the Cambridge Analytica scandal, and other general allegations of user data mishandling.
What were the terms of the 2012 consent order?
2012 Alleged Data Privacy Violations
In 2012, the FTC alleged that Facebook was deceiving users by sharing the personal information of their “friends” with third-party app developers. In response to these allegations, the FTC and Facebook ultimately entered into a settlement agreement that required Facebook to: 1) provide users with clear and prominent notice concerning how Facebook was sharing personal information; 2) obtain express consent before sharing user information beyond their privacy settings; 3) maintain a privacy program to protect the privacy and confidentiality of user information; and 4) permit biennial privacy audits of its consumer data privacy practices to be conducted by an independent third-party. The most recent allegations include, among other alleged violations, that it took Facebook just four months to violate the settlement order by removing disclosures from its privacy settings that it was sharing data with third party developers.
Beware of Data Privacy Violations
Data privacy violations can bring on a regulatory investigation by the FTC or a state attorney general. This ground-breaking settlement figure is illustrative of the fact that the FTC believes that privacy and data security concerns are of paramount public concern and should be penalized when violated. In order to minimize operating risk, it is critical to engage knowledgeable legal counsel prior to collecting, using and sharing consumer personal information.
If you are interested in learning more about this topic, need to review your marketing practices or if you are facing a data privacy violation investigation by the FTC or a state attorney general, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for information purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Similar Blog Posts: