For the past eight years, Facebook has managed to evade the full wrath and fury of U.S. regulators – but that appears to be changing now that the Federal Trade Commission (FTC) has just issued a record-setting $5 billion fine against the Silicon Valley giant. The size of the fine far eclipses the previous largest fine against a major tech company: a $22.5 million fine against Google for its privacy practices. The Facebook fine is a penalty for privacy breaches related to the Cambridge Analytica scandal, which first came to light in early 2018. The big question now is whether regulators acted strongly and swiftly enough in order to deter Facebook from future privacy abuses.
Debate over the size of the Facebook fine
Despite the massive, unprecedented size of the Facebook fine, the overall response from privacy advocates, politicians and security experts is that regulators did not act nearly strongly enough. When considered in the overall context of Facebook revenues and profitability, the FTC essentially slapped Facebook on the wrist with a fine. Consider, for example, that Facebook is now so big that it is posting $15 billion in revenue per quarter. On an annual basis, Facebook is making $22 billion in profits. From that perspective, a $5 billion Facebook fine won’t even make a dent in the company’s overall profitability or force the company to make any real changes in how it approaches user privacy and data.
Certainly, Wall Street investors took a very positive view of the Facebook fine. You would think that a massive $5 billion fine would be enough to punish the company in the stock market, and lop off billions of dollars of stock market value. However, just the opposite happened. Once news of the Facebook fine broke in the Wall Street Journal and started to appear in mainstream media publications like the New York Times, investors immediately bid up the value of Facebook stock, with the company’s shares quickly surging before settling down for a modest one percent gain.
From the perspective of investors, Facebook’s executive team led by CEO Mark Zuckerberg had done a phenomenal job of preparing the stock market for the forthcoming Facebook fine. In April 2019, CEO Mark Zuckerberg had warned that the company might be facing regulatory penalties of anywhere from $3 billion to $5 billion, and the company took a multi-billion dollar charge as it reported its first quarter earnings. Thus, when the news of the Facebook fine broke, investors were prepared for the worst.
As a result, national politicians were quick to jump into the fray, loudly proclaiming that regulators had not done nearly enough to deter Facebook. For example, U.S. Senator Ron Wyden, a noted privacy rights advocate, said that the FTC “failed miserably” in its response. Presidential candidate and U.S. Senator Elizabeth Warren described the Facebook fine as a “drop-in-the-bucket penalty” and warned that Facebook had become “too big to oversee.” Congressman David Cicilline said that the FTC had delivered to Facebook “a Christmas present 5 months early.” And U.S. Senator Mark Warner, eager to press forward with sweeping new privacy legislation, proclaimed that “it’s time for Congress to act” in order to protect consumers.
The good news is that this Facebook fine could help to set a new regulatory precedent. According to Pravin Kothari, Founder and CEO of CipherCloud: “The situation with Facebook is an eye opener and has brought considerable attention to data privacy requirements. We’ll see more and more regulators ‘bring the hammer down’ and levy some of the largest fines ever seen in an effort to drive data privacy and raise awareness. This time it’s the FTC, the next could be GDPR or the upcoming California Consumer Privacy Act, followed by many other privacy regulators worldwide.”
Details of the FTC settlement with Facebook
The FTC fine still needs to be reviewed by the U.S. Justice Department, so it’s possible that some last-minute revisions might still be forthcoming to the full terms of the FTC settlement with Facebook. In addition to the Facebook fine, there will be additional terms to help protect consumers. For example, Facebook will need to document how it plans to use data any time it launches a new product. And CEO Mark Zuckerberg will need to provide a legally binding promise about the company’s efforts to safeguard user privacy.
However, there’s a lot of unfinished business to address, according to insiders familiar with the matter. For example, the FTC settlement won’t actually break up Facebook into smaller entities that would be (theoretically, at least) easier to oversee and regulate. And the FTC settlement won’t force Facebook to make any major changes to its very lucrative advertising business. And, indeed, it looks like the final FTC settlement won’t even force Facebook to change any of the details of how it shares user data with third parties (such as shadowy data brokers). As long as Facebook is allowed to crank out billions of dollars of profit per quarter, it’s reasonable to assume that Facebook will not make any real changes to its underlying business model. Yes, the $5 billion Facebook fine might force the company to re-think upcoming business initiatives (such as the launch of its new Libra cryptocurrency), but does anyone really think that Facebook will make changes to its digital advertising model that relies on sharing data with as many entities as possible?
Short-term and long-term impact of Facebook fine
Judging by the slim 3-2 vote at the FTC that led to the fine that broke along party lines (with Republicans voting for the fine and Democrats voting against the fine), there’s still not any real political consensus about how to regulate Facebook. Do you regulate Facebook as a media company? Or as a communications company? Is it enough just to assess massive fines and penalties, or do politicians in the U.S. Congress need to put sweeping new federal legislation into place?
Daniel Castro, Vice President at Information Technology and Innovation Foundation (ITIF), comments on the current regulatory landscape for tech companies: “Critics have long said the United States lags Europe and other parts of the world in digital privacy regulation and that Congress should enact an expansive new data protection law. But the FTC’s record-setting fine makes it impossible to ignore that the U.S. system works. U.S. privacy regulations have teeth, and they can be used aggressively when needed. But the United States has rightly avoided the heavy-handed regulations that stifle digital innovation in other parts of the world. Rather than take a wrecking ball to the existing data privacy laws or allow states to enact a patchwork of conflicting rules, Congress should build on the solid foundation that exists today by passing federal privacy legislation that strengthens the FTC’s enforcement capabilities, preempts states, and streamlines regulations.”
Republicans have traditionally been advocates of pro-business policies and approaches, and that typically includes a “light” approach to regulation. So it’s not out of the question that a Republican-led FTC, under direction from the Trump administration, will be unwilling to assess similar fines in order to protect users. Doing so might alienate their core business base. From a long-term perspective, it’s clear that something needs to change in how the U.S. government regulates technology companies, especially when it comes to user privacy and data. For nearly 8 years, Facebook was allowed to grow unchecked and largely unregulated. Now is the time for sweeping new privacy legislation to rein in the big Silicon Valley tech giants.