So Facebook has to pay a $5 billion fine for playing it loose with users’ privacy. But don’t expect that to change how Facebook looks and feels to you, some experts say.
Facebook’s record $5 billion fine, part of its settlement with the Federal Trade Commission announced Wednesday, will require the social network to adopt stricter privacy and security measures. The FTC’s action stems from the 2018 Cambridge Analytica scandal, in which as many as 50 million Facebook users’ data was misused.
The FTC expects “things to change fairly dramatically” on the social network, said James Kohm, the FTC’s associate director for the division of enforcement, on Wednesday in response to a question during a news conference about the settlement.
“There will be very clear disclosures about how Facebook is going to use consumer information,” Kohm said.
But many privacy experts – and some in Congress – question whether Facebook’s nearly 2.4 billion monthly users will see any difference at all.
Goodbye to Apple’s iPhone 6: So now what should I buy as a budget option?
UPS partners up: UPS to get space in CVS, Michaels, Advance Auto Parts stores for package shipping, pickup
“I don’t think they will,” said Justin Brookman, director of consumer privacy and technology policy for Consumer Reports. “It will rein in some marginal practices, but by and large it is not going to change how Facebook does business day to day.”
CEO Mark Zuckerberg, in a post on Facebook, said the social networking giant would need to deploy “hundreds of engineers and more than a thousand people across our company to do this important work.” Its agreement with the FTC would result in “some major structural changes to how we build products and run this company,” he said.
A new system of corporate and external checks and balances required by the FTC is meant to “decrease the likelihood” of future violations, FTC Chairman Joe Simons said. Facebook said it would be building more privacy measures into its products, as well as additional monitoring of how connecting apps use data.
The FTC also requires the creation of a new privacy committee with independent board members who cannot be removed without a two-thirds vote of Facebook shareholders. Zuckerberg and designated compliance officers each must submit individual quarterly compliance reports to the FTC.
These “significant internal controls” may not be apparent to users, said Mike Chapple, professor of information technology analytics and operations at the University of Notre Dame’s Mendoza College of Business. “Some of the changes will, however, change the way that users interact with Facebook.”
The order requires that Facebook receive “affirmative, express consent” from users before sharing any private information with third parties, Chapple said. That likely means some ratcheting up of the privacy and app blocking options Facebook offers today under its Settings.
This measure “will likely reduce the amount of information sharing that takes place and give users proactive control over their own information,” Chapple said. “The end result is that consumers are going to be hearing more about privacy from Facebook and be given more direct control over how their information is shared.”
But the FTC’s order doesn’t really place any new restrictions on data collection and usage, Brookman says. Users “will still see ads based on things they did off of Facebook,” he said. “I don’t think the controls or defaults are going to be any better around that as a result of the order.”
Is Facebook listening to me? Why those ads appear after you talk about things
Big tech: Facebook, Google, Amazon, Twitter likely facing review from Justice Department
Facebook must enact an improved data security program that protects information including phone numbers, which users often give to opt into two-factor authentication, a stronger form of login requiring an additional confirmation of identity – such as a texted code – to gain entry to the network.
This step may represent “vigorous new standards” for data security, said FTC commissioner Rebecca Kelly Slaughter, one of two Democratic commissioners to vote against the settlement. “But I do not share my colleagues’ confidence that the order or the monetary penalty will effectively deter Facebook from engaging in future law violations, and thus I fear it leaves the American public vulnerable.”
Privacy and security requirements must include protections for biometric data including opt-in consent for facial recognition. Facebook must get users’ opt-in consent before using or sharing biometric data in ways beyond current uses.
Currently, Facebook asks whether you want the network to recognize your face in photos across the network. It says it does not share that information with advertisers and third-party developers, and the settlement would restrict future sharing without the required consents.
The agreement has “rather stringent requirements” on Facebook misusing or misrepresenting facial recognition, phone numbers and other nonpublic user data, said Jennifer Huddleston, a data privacy expert and research fellow at George Mason University’s Mercatus Center.
But users need to stay alert and check their privacy settings, she says. “It will continue to be important for consumers to continue to make choices that best reflect their own privacy preferences and avail themselves of the different options available to reflect those preferences,” Huddleston said.
The FTC’s settlement’s shortcomings reflect the need for a national privacy law, Brookman says. “They are required to hire more lawyers and have some new processes, but absent new rules those processes won’t really matter,” he said.
Follow USA TODAY reporter Mike Snider on Twitter: @MikeSnider.