Here are the details of the FTC's $5 billion settlement with Facebook
The Federal Trade Commission’s record-breaking settlement with Facebook will slap the company with a $5 billion fine and grant regulators exceptional oversight of the company’s business practices. But the FTC’s two Democratic commissioners, Rohit Chopra and Rebecca Kelly Slaughter, voted against the order and issued a warning that the fine was too small and the remedies should have gone farther. While the settlement winds down the FTC’s sweeping sixteen-month probe, it’s likely to trigger greater examination of whether the country’s top privacy cop is able to hold tech giants accountable. Facebook didn’t have to admit guilt for its transgressions as part of the settlement, and some have serious concerns about whether the settlement will actually make Facebook change its ways.
Here's what you need to know about the FTC settlement's new requirements for Facebook:
- Facebook must create a new independent committee within its board of directors to oversee its privacy decisions -- a move the FTC says is intended to limit Zuckerberg’s unilateral power.
- The company must appoint compliance officers who will oversee the company’s privacy practices. These officers, along with Zuckerberg, must independently certify to the FTC that Facebook is complying with the settlement. Any false certification could result in fines.
- For the next 20 years, a third-party organization will review Facebook’s data-collection practices -- including its other services, Instagram and WhatsApp.
- Facebook must conduct a privacy review of every new or modified product, service, or practice, and document any decisions about how those efforts impact privacy.
- When the data of 500 or more users is compromised, Facebook needs to notify the FTC and the third-party organization within 30 days of the incident.
- Facebook has to do more to police third-party apps, including banning app developers that do not certify they are complying with Facebook’s policies.
- When Facebook collects a phone number for security reasons like two-factor authentication, it can’t use that number for advertising.
- Facebook needs to notify users when it’s applying facial recognition technology -- and get affirmative consent when it’s using it in ways that expand beyond what it's previously told consumers.
- The company must encrypt passwords and regularly check if any passwords are stored in plaintext.
- When people sign up, Facebook can’t ask for email passwords to other services.