Facebook must adopt new protections for data users share on the social network and pay a record-breaking $5 billion fine as part of a settlement with the Federal Trade Commission.
The social networking giant must expand its privacy protections across Facebook, Instagram and WhatsApp, and adopt a corporate system of checks and balances to remain compliant, according to the FTC order.
Facebook must also maintain a data security program, which includes protections of information such as users’ phone numbers.
This settlement concludes a year-long FTC investigation, prompted by the 2018 Cambridge Analytica scandal. Facebook suspended the data analysis and political consulting firm in March 2018 for improper access to user data. That move came after The New York Times and The Observer said Cambridge Analytica had access to 50 million profiles and used them to target ads during the 2016 presidential election campaign.
At the time, Facebook said it knew the firm had violated its policies by obtaining and secretly passing on the data, which users had agreed to share with a personality prediction app.
The FTC’s order also curbs CEO Mark Zuckerberg’s oversight in privacy and security matters, with the requirement Facebook create a new privacy committee with independent board members who cannot be removed without a two-thirds shareholder vote. Zuckerberg and designated compliance officers each must submit individual quarterly compliance reports to the FTC.
Additionally, a third-party assessor will monitor Facebook’s privacy-related decisions going forward.
The commission approved the settlement with a 3-2 vote, with the dissenting commissioners wanting tougher action taken against Zuckerberg.