What a Privacy Committee Means for Facebook and the Tech Sector's Future

Nicholas J Price
The Federal Trade Commission (FTC) is working hard to ensure that the back end of Facebook gets a privacy-related facelift. Facebook is the most active social media platform in the world, with 2.38 billion active users per month. The social media giant uses machine learning to tap into users' personal information and to steer targeted ads in their direction. Facebook claims that users can control the privacy of their information in the privacy settings on their profile.

After a previous lawsuit several years ago, the FTC contends that Facebook once again made misleading statements about how it uses personal information provided by its users. The FTC recently settled with Facebook for a fine of $5 billion and is requiring Facebook to make some other fundamental changes to ensure consumer data privacy. Facebook also owns WhatsApp and Instagram.

Results of the FTC Settlement

This isn't the first time that Facebook has been under fire by the FTC. In 2012, the FTC sued Facebook for misleading users about the extent to which they could keep their information private. The $5 billion settlement is the largest civil penalty that the FTC has ever levied on a company for violating consumer privacy. It's also one of the largest penalties that the U.S. government has imposed for any kind of violation. The FTC sets new benchmarks if the company fails to follow through with its future promises.

The FTC voted in favor of the settlement. The Republican majority in Congress backed the agreement. Democrats objected to the settlement, so the battle ensued at the Justice Department's civil division for final review.

In a 2011 FTC consent decree, Facebook agreed to allow PricewaterhouseCoopers, LLP to conduct ongoing privacy assessments. Facebook continued to use facial recognition, consumers' cell phone numbers and other personal data, which led to the current charges and settlement. The FTC doesn't have supervisory authority, but there are other ways to arrange for it.

Before the settlement, Senators Richard Blumenthal and Josh Hawley had sent a letter stating that the FTC should name Facebook executives in an enforcement action if it found that they had violated the law or previous FTC regulations. Certain emails connected Facebook CEO Mark Zuckerberg to questionable privacy practices. The FTC considered those emails in deciding to pursue a settlement.

Another part of the settlement demotes CEO Mark Zuckerberg as the company's consumer privacy decision-maker. Facebook will have to create a senior-level independent committee of the board of directors to oversee decisions on privacy matters. The company will also have to hire an independent third-party assessor to do an evaluation of Facebook's privacy program and policy. Failure to abide by the terms of this settlement could net civil and/or criminal penalties.

What Is the Role of the FTC in Privacy Enforcement?

There has been criticism of the role of the FTC as being weak and lacking real authority. Other countries have established agencies to manage privacy matters and have given them the authority to enforce regulations. Data privacy and security laws in the European Union are far stronger and better developed than any federal agency in the United States. Some have questioned whether some other agency might be better equipped to deal with data privacy issues.

The Safe Harbor Framework was implemented in 2000 due to pressure from EU leaders who were concerned about the lack of privacy protection for data being transferred between countries. Because it failed to provide adequate data privacy protection, the Safe Harbor Framework was renegotiated, and in 2016 it was replaced with the EU-US Privacy Shield Framework. Many lawmakers have expressed concerns that the FTC's funding levels were too low to address the data privacy issues adequately.

Despite its weaknesses, the FTC has successfully charged and settled legal actions against many companies over various data privacy issues.

Other recent issues are also sparking talk of possible regulations that would require companies to form a privacy committee: violations of children's privacy protections at Alphabet Inc.'s YouTube unit and the settlement with Equifax Inc. over a 2017 data breach.

What Will a Privacy Committee Mean for Facebook and the Future of Digital?

With the frequency of data privacy violations in the United States, along with global pressure to take stronger regulatory measures, and continuing data privacy issues among major players like Facebook, it's no surprise that Congress is reviewing its options for creating a federal data privacy law. The state of California has already stepped outside the gate and passed the California Consumer Privacy Act, which goes into effect in 2020. One of the main issues that needs to be resolved is whether the primary responsibility for data privacy will lie at the federal or state level.

Democrats in both chambers in Washington, D.C., are pressing hard to move the issue forward. Congress needs to consider how any new laws or regulations will impact existing data privacy laws like the Electronic Communications Privacy Act and the Cable Communications Privacy Act, which currently don't preempt state laws.

New regulations or laws could require certain companies to form a privacy committee, which would be responsible for data breaches and violations of data privacy laws. Such a law may have requirements about the types of individuals who would be qualified to serve on such a committee. Ultimately, boards of directors would have the final responsibility for overseeing data privacy protection. A new federal law could subject board directors to civil or criminal penalties.

Corporate boards will need to start wrestling with a lot of the same questions as lawmakers about how best to collect and manage data while protecting the consumer's right to data privacy.

The issue of data privacy is just one of the many new modern governance issues that came about because of vast advancements in technology. Now is the time for corporate boards to focus on modern solutions for corporate governance, especially with regard to internal security. It's a crucial time for boards to implement modern digital solutions like a board management software system by Diligent Corporation where they can do their work confidentially and control who in the company can access various types of information.
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.