The Record Facebook Fine of F.T.C.

Everything we do online builds up a picture of our personalities. Every like, comment and share and each click gives clues on how is our personalities and characters. Social media companies use this information to make money. They sell it to companies who want to know what we might want to buy next, where we might want to go at the weekend or even what new TV shows we might want to watch. It is also precious sources for the politicians because knowing someone’s personality — what they like, what they don’t — might tell us more about them, how they might vote in an election. And that might help politicians work out how to target particular voters on social media.

It’s a huge story right now because, after months of negotiations, the Federal Trade Commission fined Facebook a record-setting $5 billion on Friday for privacy violations, according to multiple reports. This decision still needs final approval in the coming weeks from the Justice Department, which rarely rejects settlements reached by the agency. It’s unclear how long it will take for the Justice Department to review the terms. In the meantime, important questions remain unanswered, including whether the FTC has opted to hold Facebook CEO Mark Zuckerberg personally liable for the company’s privacy violations, and what sort of external oversight Facebook must submit to going forward.

What is the Federal Trade Commission?

After I completed our IT Law lessons which I organized last summer in Washington DC with F.T.C., I understood that the F.T.C. and Data Protection Authority of Turkey (Kişisel Veri Koruma Kurumu-KVKK) have not exactly same missions The Federal Trade Commission(F.T.C.) is an independent agency that aims to protect consumers and ensure a strong competitive market by enforcing consumer protection and antitrust laws. The agency oversees deceptive and unfair business practices. It is also the main watchdog for the internet industry that protects users privacy by policing companies for misleading users on how their personal data is collected and shared. The F.T.C. collects reports from consumers about fraud, identity theft, and other consumer problems. These reports are stored in the Consumer Sentinel Network (“Sentinel”) database. I can say that F.T.C. does not only work on data protection, but also fraud or unfair business practice. In contrast, Turkish KVKK only works on data protection area. The decisions of the F.T.C. need to be approved by the Justice Department while the decisions of the KVKK are implemented without the approval of the Ministry of Justice. But the appeal against the decisions of KVKK is available. However, both commissions have some similar decisions. For example, KVKK has officially announced that it had fined Facebook 1.65 million Turkish Liras (approx. $276.000) on April 11. This is the highest fine by KVKK by now. KVKK announced several decision abstracts before. But the companies weren’t as famous as Facebook before. Therefore, this decision sets an important example for upcoming investigations and decisions. The decision was rendered based on two provisions of the Turkish Data Protection Act (the DP Act), which are on data security and the obligation to notify the Authority in case of a data breach. Indeed, due to Article 12/1/b of the DP Act data controllers are obliged to take all necessary technical and administrative measure to provide a sufficient level of security in order to prevent unlawful access to personal data. Additionally, Article 12/5 obliges data controllers to notify data subjects and KVKK within the shortest time.

The F.T.C. opened its investigation into Facebook’s data practices last March, one week after news broke that Cambridge Analytica, a political consulting firm that worked with the Trump campaign in 2016, had improperly obtained information on tens of millions of Facebook users. It is believed about 1.1 million of those people are based in the UK. The data was purchased from an academic who used a personality profiling app to collect information not just from consenting users but, thanks to Facebook’s lax privacy policies at the time, from all those users’ friends — without their knowledge. Facebook didn’t cut off that access until 2015. Whereas in 2011, Facebook had promised the F.T.C. that it would not share data with third parties without users’ affirmative consent, as part of a settlement agreement over charges that the company deceived consumers about its privacy practices. It appears that the regulator has found that Facebook violated that consent decree. It would be the biggest fine by the federal government against a technology company, after $22 million imposed on Google in 2012. According to the news by Kang at New York Times (July 12, 2019), it would also represent one of the most aggressive regulatory actions by the Trump administration, and a sign of the government’s willingness to punish one of the country’s biggest and most powerful companies. The decision of F.T.C. appeared to help split the five-member commission. The 3-to-2 vote drew the dissent of the two Democrats on the commission because they sought stricter limits on the company, the people said. But none of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties. It seems that the company’s value on Wall Street as proof that the settlement would not curb the company’s behavior. As the New York Times reported, the deal wouldn’t restrict Facebook’s ability to collect and share its users’ data with third parties. That’s actually the real problem here: fines and punishments are only effective when they provide negative consequences for bad behavior. But Facebook has done nothing but behave badly from inception, and it has only ever been slapped on the wrist by authority figures and rewarded by the market. After all, Facebook was already under a previous F.T.C. consent decree for privacy violations imposed in 2011, and that didn’t seem to stop any of the company’s recent scandals from happening. As Kara Swisher has written at NYT(April 4, 2019), you have to add another zero to this fine to make it mean anything. Until now, the biggest fines and restrictions against tech companies have come from Europe. Officials there have imposed several charges of antitrust and privacy laws against Amazon, Apple, Facebook and Google. Last year, the European Union fined Google $5.1 billion for abusing its large market share in the mobile phone industry. More recently, numerous officials and lawmakers around the world have rushed to regulate Facebook such as KVKK in Turkey.

Facebook and the F.T.C. had been in discussions for more than a year over the agency’s probe into the company. At his first congressional hearing, Facebook CEO and founder Mark Zuckerberg had admitted that the social network did not do enough to prevent the misuse of user data, placing the blame squarely on himself. “It’s clear now that we didn’t do enough to prevent these tools from being used for harm …” Zuckerberg had been said in written testimony released by the US House Energy and Commerce Committee. “That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy.” Moreover, Sen. Ron Wyden (D-Ore.) had been urged the Federal Trade Commission to hold Mark Zuckerberg personally accountable for Facebook’s privacy failures, in addition to whatever separate penalty it may levy against the social media company itself. In a letter to the F.T.C., the senator had made clear from the start he thinks Zuckerberg is to blame for his company’s “repeated violations of Americans’ privacy,” and as a result, he should be held “individually liable.” After Mark Zuckerberg approval and senator’s letter, we could consider that FTC should hold him for facebook individually liable. But F.T.C. does not regularly go after executives when levying fines or other penalties for a company’s wrongdoings. It would have been a rare move for the F.T.C., which refrained from singling out Zuckerberg in 2011, the last time the social network had a run-in with the agency. It is also difficult to hold Mark Zuckerberg and other top Facebook executives personally at fault and liable for further wrongdoing in an incorporated company in the light of corporation law. The US Law expressly provides limited liability for officers, directors, and shareholders acting on behalf of the corporation. An injured party or a creditor cannot sue corporation employees for actions they took in the corporation’s name.

Despite all the criticism of the company, Facebook has continued to do well financially. Even $5 billion would be a drop in the bucket for Facebook, which earned more than $55 billion in revenue in 2018. When Facebook disclosed in its Q1 earnings report that it had set aside $3 billion to $5 billion to cover the costs of the settlement, it’s stock price soared. The reported F.T.C.fine, hefty as it is, doesn’t mean the company’s regulatory woes are over. Facebook still faces multiple investigations in the US. The Securities and Exchange Commission launched a probe last year in the wake of the Cambridge Analytica revelations. Earlier this year, Facebook’s data deals with other companies sparked a criminal investigation by federal prosecutors in the Eastern District of New York.

The Cambridge Analytica scandal spurred a rising awareness of data rights in the United States, as Facebook and other tech companies were repeatedly called to answer for broken promises and failures to protect user data. The F.T.C.’s apparent decision comes amid growing demand for more action to rein in Big Tech. In Congress, lawmakers on both sides of the aisle have called for federal legislation to protect the privacy rights of Americans, while a number of state legislatures already have passed or are considering privacy bills of their own. Lawmakers urged the F.T.C. to be aggressive in its investigation of Facebook. Republicans said little about the F.T.C. vote on Friday. But numerous Democrats said the agency did not go far enough. Members of Congress are already opposing this settlement. Rep. David Cicilline is calling it a “Christmas present,” while Senator Ron Wyden says the F.T.C. has “failed miserably.” Senator Richard Blumenthal says the decision is “inadequate” and “historically hollow,” and Senator Mark Warner says “It’s time for Congress to act.” If approved, Friday’s apparently F.T.C. settlement would set a precedent for how federal regulators plan to approach tech giants at a time of rising awareness about data rights. But not even $5 billion will effect real change without comprehensive reform to back it up. The Cambridge Analytica, Facebook is just an example of how social media affects our lives. Perhaps the greatest one. With social media reaching all over the world, people spend much more time and share more data with each click. Facebook or other social media platforms are not only effective in one country but also in other countries. Lawmakers should regulate strict rules for data protection despite the carelessness of citizens.