The Federal Trade Commission (FTC) will levy a $5 billion fine against Facebook as part of a wider settlement agreed following an investigation into the Cambridge Analytica data-sharing scandal.
Subject to final approval by the US Justice Department, Facebook will face the largest financial penalty a tech firm has been handed by a government regulator for breaching data protection laws. The fine is many multiples larger than the French data protection authority's 44 million fine against Google earlier this year for violating the General Data Protection Regulation (GDPR), which stood as the largest fine officially levied until now.
The agreement, which was reached following months of negotiations between two parties, also sees Facebook subject to greater oversight, according to the New York Times (NYT). But the social media giant will not be restricted in the ways it shares users' data with third-parties.
Many, including the Observer journalist Carole Cadwalladr who initially broke the Cambridge Analytica story, have branded the settlement inadequate. Cadwalladr herself described the agreement as "a sweetheart deal", declaring that Facebook "is well and truly out of control".
The $5 billion fine represents approximately 9% of Facebook's annual turnover for 2018, more than double the maximum GDPR penalty an EU regulator can levy against the company.
But Facebook's share price actually rose as the news broke on Friday, with investors pleased the FTC's investigation will soon conclude without spilling out into a lengthy saga that dominates newspaper headlines. Moreover, the company has cash reserves of more than $40 billion, the NYT claims.
The settlement was agreed by a 3-2 majority vote of the FTC's board split based on party lines, with Republicans in favour and Democrats against.
Facebook was also found to have violated a previous settlement with the FTC struck in 2011 after the firm was required to change its privacy policies following widespread criticism.
Following the launch of its investigation into Facebook's data practices in March 2018, the US regulator had been expected to levy a fine against Facebook in the region of $3 billion to $5 billion. The outcome of the settlement negotiation was also previously thought to include a clause in which federally-appointed privacy executives would be injected into the highest levels of the company, yet this has yet to materialise.
The UK's Information Commissioner's Office (ICO) previously fined Facebook 500,000 for violating the Data Protection Act 1998 in the wake of the Cambridge Analytica scandal. This was the maximum fine that could be handed to the firm under legislation that applied prior to GDPR's introduction.
Data protection authorities in the EU, meanwhile, are still probing Facebook for a handful of GDPR violations, namely the Irish data regulator which is currently pursuing ten investigations against the firm.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.