FTC Imposes Historic $5 Billion Penalty and Sweeping Privacy Restrictions on Facebook

Federal Trade Commission (FTC)

Written By ESR News Blog Editor Thomas Ahearn

On July 24, 2019, the Federal Trade Commission (FTC) – the nation’s primary privacy and data security enforcer – imposed a historic $5 billion penalty and sweeping privacy restrictions on Facebook, Inc. to hold the company accountable for decisions made about the privacy of users, according to an FTC press release.

Along with the record-breaking $5 billion penalty, Facebook will submit to new restrictions and a modified corporate structure to settle FTC charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.

The $5 billion penalty against Facebook is the largest ever imposed on a business for violating the privacy of consumers and almost 20 times greater than the largest data security penalty ever imposed worldwide, and one of the largest penalties ever assessed by the U.S. government for any violation.

The settlement order also requires Facebook to restructure its approach to privacy from the corporate level down and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy, and that those decisions are subject to meaningful oversight.

More than 185 million people in the United States and Canada use Facebook on a daily basis, and Facebook monetizes user information through targeted advertising, which generated most of the company’s $55.8 billion in revenues in 2018, according to the press release from the FTC.

“The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations,” said FTC Chairman Joe Simons.

The FTC also enforces the EU-U.S. Privacy Shield Framework used when personal data is transferred from the European Union (EU) to the United States (U.S.). In June 2019, the FTC reached a settlement with a background screening company over a false claim of being a participant in the Privacy Shield program.

The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced an international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The official Privacy Shield Framework website is at www.privacyshield.gov.

Employment Screening Resources® (ESR) – a leading global background check provider – adheres to FTC regulations for privacy and data security and was one of the first adopters of the EU-U.S. Privacy Shield Framework which the FTC helps to enforce. For more information about ESR, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.