FTC Fines Facebook $5 Billion for Privacy Violations
- The Federal Trade Commission has fined Facebook $5 billion for violating the privacy of customers and imposed new accountability measures and restrictions for Facebook, WhatsApp, and Instagram.
- The fine is the largest penalty imposed on a tech company for privacy violations ever, which comes after a yearlong investigation into Facebook’s involvement in the Cambridge Analytica data breach.
- The FTC found that Facebook “deceived” their customers by allowing their data to be accessed by apps their friends used, despite telling the public they had stopped that practice.
- The FTC also alleges that Facebook enforced data sharing policies based “on whether Facebook benefited financially from its arrangements with the developer.”
The U.S. Federal Trade Commission (FTC) announced Wednesday that it was fining Facebook a record-breaking $5 billion for privacy violations as well as instituting sweeping privacy restrictions and oversight measures.
The penalty represents the largest fine that the FTC has ever imposed on a tech company by far. It is also the biggest penalty ever brought on a company for privacy violations, according to the FTC announcement.
The announcement comes after a yearlong investigation of Facebook over privacy violations.
That investigation was started right after The New York Times and The Observer of London reported that Facebook allowed British political consulting firm Cambridge Analytica to harvest the data of millions of Facebook users without their knowledge and build voter profiles from those users data without their consent.
Cambridge Analytica got the data from Facebook users who used a third-party gaming application called “This Is Your Digital Life.”
Although it has been estimated that only around 270,000 people used the app, the users who gave the app permission to access and acquire their data also gave the app permission to do the same for all of their Facebook friends.
That resulted in the personal information of nearly 87 million Facebook users being collected by Cambridge Analytica, despite the fact that the vast majority of those people had never given the firm permission to access their information, or even played the game.
Along with investigating Cambridge Analytica, the FTC’s investigation also expanded to look at other privacy concerns, such as the tech giant’s data-sharing policies with other third-party apps and device-makers that Facebook users might not have understood or been aware of.
All of that culminated in the report and announcement released Wednesday by the FTC.
In addition to the $5 billion fine, the FTC’s announcement also stated that Facebook must “submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy.”
That requirement, the FTC says, is mandated “to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information.”
The FTC goes on to describe the 2012 order in question, saying that it explicitly “prohibited Facebook from making misrepresentations about the privacy or security of consumers’ personal information, and the extent to which it shares personal information.”
The 2012 FTC order also required that Facebook “maintain a reasonable privacy program that safeguards the privacy and confidentiality of user information.”
Violations of 2012 Order
The FTC goes on to outline how Facebook specifically violated the 2012 order. The statement describes numerous instances, but the most significant examples center around privacy disclosures to customers.
For example, in 2012, Facebook put a disclosure on their Privacy Settings page telling users the information they shared with their friends could also be shared with the third-party apps their friends used.
The FTC claims that four months later, Facebook removed the disclosure “even though it was still sharing data from an app user’s Facebook friends with third-party developers.”
Then in 2014, Facebook announced they would stop letting third-party developers collect data about the friends of app users. However, the FTC says that Facebook separately told the developers that they could continue to access that data until April 2015.
Even then, Facebook still waited “until at least June 2018 to stop sharing user information with third-party apps used by their Facebook friends,” the FTC said.
The statement then goes on to say, “Facebook did not screen the developers or their apps before granting them access to vast amounts of user data.”
Facebook also claimed it had consequences for policy violations by third-parties, but it “did not enforce such policies consistently and often based enforcement of its policies on whether Facebook benefited financially from its arrangements with the developer,” the FTC alleged.
New Restrictions & Overhauls
In addition to spelling out Facebook’s privacy violations, the FTC announcement also included some of the new restrictions and oversight measures that Facebook will have to comply with under the settlement.
To ensure accountability with Facebook’s board of directors, the order will create “an independent privacy committee of Facebook’s board of directors,” in order to remove “unfettered control by Facebook’s CEO Mark Zuckerberg over decisions affecting user privacy.”
The settlement also requires the company to “designate compliance officers who will be responsible for Facebook’s privacy program,” and gives a third-party assessor more power to evaluate Facebook’s privacy programs.
Regarding restrictions the settlement imposes, Facebook will now have to conduct privacy reviews for any new or modified products and services before they can be implemented.
It will also be required to document any data breach involving 500 or more users.
The FTC statement continues to include a laundry list of new requirements, like exercising more oversight over third-party apps, encrypting passwords, and more.
Notably, it also requires Facebook to “establish, implement, and maintain a comprehensive data security program.”
Also of huge significance is that these new restrictions and accountability measures will also apply to Facebook-owned companies WhatsApp and Instagram.
The decision was approved by the FTC’s commissioners in a 3-to-2 vote earlier this month, with the three Republican commissioners voting to approve the settlement and the two Democrat commissioners voting to oppose.
In a statement to The New York Times, the three Republican commissioners, including agency chairman, Joseph Simons, said the settlement “will provide significant deterrence not just to Facebook, but to every other company that collects or uses consumer data.”
However, the two Democratic commissioners argued that the settlement did not do enough. They said that the $5 billion fine is just a slap on the wrist for Facebook, which made $55.8 billion in revenues last year alone.
They also pointed out that the settlement did not actually do anything to change or restrict Facebook’s ability to collect and share their user’s personal information.
“The proposed settlement does little to change the business model or practices that led to the recidivism,” Democratic Commissioner Rohit Chopra wrote in his dissenting statement. “Nor does it include any restrictions on the company’s mass surveillance or advertising tactics.”
The Democratic commissioners also reportedly disliked the settlement because they wanted to take the case to court, and felt that the Facebook executives should have been held personally accountable.
The Republican commissioners, however, have said that they did not have a strong enough case to move it to court.
See what others are saying: (The Chicago Tribune) (The Washington Post) (The New York Times)
Amazon to Pay Over $30 Million for Alexa and Ring Privacy Violations
Privacy violation charges stack up against the tech giant as the FTC partners up with the DOJ.
Amazon Pays Up
Amazon agreed to a $30 million settlement for each of these complaints over complaints alleging that its Alexa and Ring products violated customer privacy.
The Federal Trade Commission and Justice Department accused Amazon of retaining children’s geolocation data as well as the recordings of their conversations with Alexa. Additionally, the FTC brought another complaint against Amazon’s Ring for violating their customers’ privacy and failing to complement basic security measures.
In addition to the accusations of retaining data, the FTC also charges Amazon with deceiving their customers, saying requests from parents to delete their children’s recordings and other data went ignored despite repeated assurances that parents can delete the data at any time.
Amazon says this data was retained to train their Alexa algorithms to better understand children. But their reasoning does not change law. Their actions are still in violation of the federal Children’s Online Privacy Protection Act, known as COPPA.
“Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits,” said Samuel Levine, the director of the FTC’s Bureau of Consumer Protection in the press release regarding the complaint. “COPPA does not allow companies to keep children’s data forever for any reason, and certainly not to train their algorithms.”
The Settlement’s Details
The proposed settlement that Amazon agreed to on Wednesday includes a $25 million civil penalty as well as requirements to both delete the data in question and never use voice recordings of adults or children in the development or creation of a product again.
However approval on this settlement is still needed from the federal courts.
Despite agreeing to the settlement, Amazon denies violating COPPA, saying they designed Amazon Kids for parents to have full control and to comply with the law.
In their complaint against Ring, the FTC accused the company of violating their customers’ privacy by allowing countless employees and hundreds of contractors access to the videos from Ring cameras.
Leading to situations like one in 2017, when a Ring employee watched thousands of videos belonging to dozens of female customers, including those in their bedrooms and bathrooms.
Additionally, the FTC says that Ring did not implement basic security protections for years which allowed hackers to take control of their customers’ accounts, cameras, and videos leading to 55,000 US Ring customers facing hacker attacks. In some cases, hackers could access Ring’s two-way functions to harass, insult, and threaten people – including children. The complaint alleges that Ring’s egregious privacy failings lasted for at least 4 years – between at least 2016 to 2020.
Amazon responded to the complaint saying that RIng had addressed the concerns before the FTC even began their inquiry.
The FTC proposed a settlement of $5.8 million in consumer refunds – as well as a demand for Ring to create a privacy and security program. The settlement also awaits federal court approval.
See what others are saying: (New York Times) (Axios) (CNBC)
Right-Wingers Are Turning Against Chick-fil-A
Some have accused the company of joining a woke “cult” after learning of its diversity, equity, and inclusion initiative.
Chick-fil-A Goes “Woke”
Conservatives are condemning Chick-fil-A after learning of the fast food chain’s commitments to diversity, equity, and inclusion.
Some have accused the brand of bowing “to the Woke mob.” Others have debated boycotting the chain.
It’s unclear when exactly Chick-fil-A began its DEI campaign, but according to LinkedIn, the current Vice President of DEI, Erick McReynolds, has been working in the department since 2020 before taking on his current role in 2021. It is also unclear why right-wingers on Twitter have just now discovered Chick-fil-A’s DEI website, but many spent a chunk of Tuesday morning lambasting the company for working to promote diversity.
Chick-fil-A’s DEI page is titled “Committed to being Better at Together.”
“Modeling care for others starts in the restaurant, and we are committed to ensuring mutual respect, understanding and dignity everywhere we do business,” McReynolds said in a statement on the website.
Chick-fil-A is no stranger to boycott campaigns, though those efforts usually come from the opposite side of the political aisle. The company, known for its strong Christian ties, has been criticized for donating to groups with anti-LGBTQ missions. As a result, many on the left have refused to eat there, while it has been a haven for those on the right.
Conservatives, however, have become increasingly outraged by DEI initiatives. Chick-fil-A’s website, which only vaguely outlines its DEI efforts, still seems to be enough for the right to change its tune about the brand.
“Even our beloved Chick-Fil-A has fallen to the DEI cult,” one person tweeted. “the same agenda that is turning our beloved military woke.”
“It’s becoming an epidemic that even Christian companies are being strong-armed to participate in,” the tweet continued.
Old Clip of Chairman Resurfaces
Some have also started resurfacing an old clip of Chick-fil-A Chairman Dan Cathy speaking on a panel about racism during the summer of 2020. During the discussion, he talked about repentance and said that if you ever see someone who needs their shoes shined, you should do it. He then walked over to a Black person on the panel, got on his knees, and shined their shoes.
“There’s a time in which we need to have, you know, some personal action here, and maybe we need to give them a hug, too,” Cathy said while shining the shoes.
“I bought about 1,500 of these and I gave them to all our Chick-fil-A operators and staff a number of years ago,” Cathy continued, in reference to his shoe-shining brush. “So, any expressions of a contrite heart, of a sense of humility, a sense of shame, a sense of embarrassment begat with an apologetic heart — I think that’s what our world needs to hear today.”
The clip caused a stir when the events first unfolded, and has prompted a new wave of anger now. Some are accusing Cathy of being “a woke, anti-American, anti-white BLM boot licker” who thinks all white people need to shamefully shine the shoes of Black people to apologize for racism, though that is not what he said.
These boycott calls are just the latest from conservatives who have been on a rampage against any company supporting any social cause they deem as “woke.” Earlier this year, the political right took a stand against Bud Light after it included a trans influencer in a sponsored Instagram post. Just last week, Target and Kohls faced boycotts over items in their Pride Month collections.
See what others are saying: (The Hill) (Rolling Stone) (AL)
Bioré Apologizes For Referencing School Shooting in Mental Health Ad Campaign
“Our tonality was completely inappropriate. We are so sorry,” the skincare brand said.
Video Faces Backlash
The skincare brand Bioré apologized this week for partnering with a school shooting survivor as part of its Mental Health Awareness Month campaign.
“We are committed to continuing our mental health mission, but we promise to do it in a better way,” the company said in an Instagram post on Sunday.
Last week, influencer and recent Michigan State University graduate Cecilee Max-Brown posted a video to TikTok sponsored by Bioré where she discussed the numerous challenges she had faced throughout the year. Among them was a school shooting on her college’s campus, which killed three people in February.
“Life has thrown countless obstacles at me this year, from the school shooting to having no idea what life is going to look like after college,” Max-Brown says in the video. “In honor of mental health awareness month, I’m partnering with Bioré skin care to strip away the stigma of anxiety.
“We want you to get it all out, not only what’s in your pores, but most importantly, what’s on your mind, too,” she continued.
In the 50-second video, Max-Brown went on to discuss more details about her mental health struggles, as well as how “seeing the effects of gun violence firsthand” has impacted her and led to “countless anxiety attacks.”
“I will never forget the feeling of terror that I had walking around campus for weeks in a place I considered home,” she said before closing the video by encouraging her followers to participate in Bioré’s mental health campaign.
The video ignited swift outrage from people who accused Bioré of using a school shooting to sell products. In its apology, the brand admitted the video was misguided.
In the past, Bioré said it has worked with influencers to discuss and reduce mental health stigmas, as the subject is a top priority for its consumers.
“This time, however, we did it the wrong way,” the company said. “We lacked sensitivity around an incredibly serious tragedy, and our tonality was completely inappropriate. We are so sorry.”
Max-Brown also apologized on TikTok, writing that the video was intended to spread awareness, not suggest a product fixed the struggles she has experienced as a result of the shooting.
“I did not mean to desensitize the traumatic event that took place as I know the effects that it has had on me and the Spartan community,” she wrote.
Max-Brown has since removed the initial sponsored video from her account.