The US Federal Trade Commission (FTC) has voted to fine Facebook US$5 billion. News of the fine came from the Wall Street Journal who cites sources inside the FTC. This is the biggest fine ever issued by the FTC against a technology company, dwarfing the $22 million it levied against Google in 2012. The fine relates to the Cambridge Analytica scandal and completes an investigation that started back in March 2018.
For over 99% of companies on the planet, a $5bn fine would be a business ending issue. Not so for Facebook who, in its last reported quarter, made over $15bn. Moreover, when Facebook warned investors that it was expecting this fine back in April, its share price jumped 5%. News of the fine led to another smaller jump in the share price.
What is the fine for?
In 2018, the news broke that a research company, Cambridge Analytica, had used data harvested from Facebook for political advertising. The researcher at the heart of the Cambridge Analytica scandal was able to access the data of over 85 million users. The data was taken without the consent of users and the vast majority of that data came from people who had no interaction at all with Cambridge Analytica.
It is claimed that Cambridge Analytica used the harvested data to influence elections in several countries, including the US. The claims come from Christopher Wylie who leaked the information to the media.
While Facebook took no active part in the way data was collected, it also took no steps to prevent it. This lack of monitoring and protection of user data was the basis for the UK ICO fining Facebook UK £500,000 in October 2018.
Is this the end of the matter?
Who knows. There are several other countries who are still investigating Facebook over this issue but none are likely to issue a fine of this magnitude. That is partly because the number of users in their countries who were affected is low and partly because their legal frameworks don’t allow for such large fines.
The FTC has yet to issue its full judgement. What we know so far has come from sources speaking to US media. It may be that we see a set of further steps that will inconvenience Facebook.
An example of what it can do is the judgement earlier this month against router and device manufacturer D-Link. In that case the company has been order to make security enhancements to its products. It also agreed to security audits that will last until 2030. Such an action against Facebook would be a significant undertaking and one that would send a message to the whole software industry.
The FTC could also impose other restrictions on Facebook especially in how it gathers and uses personal data for its advertising business. This would impact Facebook’s revenue model as ads would be far less targeted. Such a move would also open the door for action against other companies such as Google who also gather vast amounts of personal data and use it to micro-target advertising at individuals.
Enterprise Times: What does it mean
Facebook has already allowed for this fine in its accounts. It will simply shrug it off and get on with business as usual. In the last year, Zuckerberg has gone on record saying that Facebook recognises its shortcomings and is working to fix them. Whether that is true, only time will tell.
If the FTC really wants to send a message to Facebook and the whole tech industry, it must do much more than just fine Facebook. It needs to show that its actions have created a change in the way the company deals with user data. That can only be done by reviewing the way the company manages and protects data.
The FTC is not the only regulator looking closely at Facebook. It got off very lightly in Europe as this was treated as a historical offense and not a GDPR breach. Even there, this fine is larger than the maximum under GDPR which, based on Facebook’s earnings, would have been between €2.5bn and €3bn.
For now, Facebook and its shareholders will be celebrating this fine as a win for them as it will have no material impact on the business.