What did Facebook do to get a $5 billion fine?

The Data Protection Practitioner’s Conference in April 2019 featured a guest speaker, Mark Rotenberg. Mark is a US privacy and rights lawyer. He has given evidence to congress on 60 occasions, and is involved in an organisation which lobbies and campaigns in the US for privacy and democracy.

A lot of Mark’s speech was about the privacy battles with Facebook. Initially Facebook users were set against Facebook’s business partners who wanted free rein to mine personal data on Facebook for their own marketing purposes. By 2011 the Federal Trade Commission were involved and obtained an order covering the following and more:

To bar Facebook from making misrepresentations about data use
To require Facebook to obtain express consent to the use of personal data
To require Facebook to protect data from third parties
To require Facebook to establish and maintain a comprehensive privacy programme designed to control and manage risks associated with changes to terms of service
To commit Facebook to an audit programme.

The FTC proved reluctant to enforce the order initially but now in 2019 we see the massive fine against Facebook. It has been a long time coming and required the dedication of privacy rights groups in the US to get it over the line. However any attempt to show this as retribution for a security breach, some of the articles I have read recently do that, is wrong. It is a punishment for deliberate, repeated, breaches of privacy standards.

Mark Rotenberg actually said that what the campaigners want is not necessarily a fine. The view of the US lobby group is that a fine would put pressure on Facebook to recover its losses by more marketing activity. What they want is control, to reform how Facebook operates. They also want the acquisition of Instagram and Whatsapp to be reviewed and, if possible, unravelled, fearing that Facebook’s systemic privacy breaches will infect those services.

The Facebook scandal is unlikely to end here. There is commitment from both sides to a long, protracted battle of wills.

Mandy P Webster, Data Protection Consultant

By mandy.webster|2019-07-24T07:16:05+01:00July 24th, 2019|Categories: Accountability|0 Comments

About the Author: mandy.webster

Since June 1999 Mandy Webster has been a freelance consultant offering audit, advice and training on privacy, information security and e-commerce issues as Data Protection Consulting Limited. The company’s mission is to help clients from a variety of sectors, and of all sizes, comply with data protection law and to that end it offers a range of solutions. Mandy, a qualified lawyer, is author of ‘Data Protection for the HR Manager’ and ‘Data Protection in the Financial Services Industry’ published by Gower and “Effective Data Protection” and ‘The ICSA Data Protection Troubleshooter’ published by ICSA Publishing Limited. Mandy is a well-known writer, commentator and speaker on data protection.

What did Facebook do to get a $5 billion fine?