IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Facebook’s historic $5bn FTC settlement branded a "sweetheart deal"

Critics worry this is a missed opportunity to change Facebook's data practices after the Cambridge Analytica scandal

The Federal Trade Commission (FTC) will levy a $5 billion fine against Facebook as part of a wider settlement agreed following an investigation into the Cambridge Analytica data-sharing scandal.

Subject to final approval by the US Justice Department, Facebook will face the largest financial penalty a tech firm has been handed by a government regulator for breaching data protection laws. The fine is many multiples larger than the French data protection authority's 44 million fine against Google earlier this year for violating the General Data Protection Regulation (GDPR), which stood as the largest fine officially levied until now.

The agreement, which was reached following months of negotiations between two parties, also sees Facebook subject to greater oversight, according to the New York Times (NYT). But the social media giant will not be restricted in the ways it shares users' data with third-parties.

Many, including the Observer journalist Carole Cadwalladr who initially broke the Cambridge Analytica story, have branded the settlement inadequate. Cadwalladr herself described the agreement as "a sweetheart deal", declaring that Facebook "is well and truly out of control".

The $5 billion fine represents approximately 9% of Facebook's annual turnover for 2018, more than double the maximum GDPR penalty an EU regulator can levy against the company.

But Facebook's share price actually rose as the news broke on Friday, with investors pleased the FTC's investigation will soon conclude without spilling out into a lengthy saga that dominates newspaper headlines. Moreover, the company has cash reserves of more than $40 billion, the NYT claims.

The settlement was agreed by a 3-2 majority vote of the FTC's board split based on party lines, with Republicans in favour and Democrats against.

Facebook was also found to have violated a previous settlement with the FTC struck in 2011 after the firm was required to change its privacy policies following widespread criticism.

Following the launch of its investigation into Facebook's data practices in March 2018, the US regulator had been expected to levy a fine against Facebook in the region of $3 billion to $5 billion. The outcome of the settlement negotiation was also previously thought to include a clause in which federally-appointed privacy executives would be injected into the highest levels of the company, yet this has yet to materialise.

The UK's Information Commissioner's Office (ICO) previously fined Facebook 500,000 for violating the Data Protection Act 1998 in the wake of the Cambridge Analytica scandal. This was the maximum fine that could be handed to the firm under legislation that applied prior to GDPR's introduction.

Data protection authorities in the EU, meanwhile, are still probing Facebook for a handful of GDPR violations, namely the Irish data regulator which is currently pursuing ten investigations against the firm.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022