قالب وردپرس درنا توس
Home / Business / Facebook's privacy statement with the FTC does little to limit it

Facebook's privacy statement with the FTC does little to limit it



The Federal Trade Commission would like you to think that its settlement with Facebook regarding the latter alleged breach of privacy was a great deal.

And that was it – for Facebook.

The FTC – or at least the Republican majority who approved the deal announced on Wednesday – designated the "record" $ 5 billion penalty the company will pay as part of it and the "unprecedented" new constraints the agency puts into effect oversee the social media giant's privacy practices in the future. The agency also claimed that the settlement was far better than it could have ̵

1; and agreed much earlier than would have happened – had it been brought to justice.

Maybe so. But the deal is much more show than substance. And given the scope of Facebook's alleged misdeeds, it's too lame on the company and CEO Mark Zuckerberg.

The $ 5 billion penalty is far too unacceptable for a company that is as profitable as Facebook. The new supervisory structure has some major shortcomings and weaknesses. The settlement does little to limit Zuckerberg's power and does not hold him personally responsible for the actions of a company that he alone controls. And the deal does almost nothing to stop the collection and sharing of data – or their use for targeted advertising – which was at the heart of the company's privacy violations.

The agreement "escapes Facebook from the hook," said the FTC commissioner Rohit Chopra, who joined the fellow Democrat Rebecca Kelly Slaughter in voting against the agreement, in a written dissent. "The fine print in this settlement," he continued, "gives Facebook a lot to celebrate."

Chopra was not the only one who paralyzed the deal. Consumer groups including Free Press and the Electronic Privacy Information Center, which have criticized Facebook's privacy practices for years, blasted it as insufficient. Also, Republican Sen. Josh Hawley, a frequent Facebook critic, who called it disappointing and said it "completely fails to punish Facebook in any effective way."

Facebook can easily afford $ 5 billion

For all the patches on the back FTC's majority gave in to the deal, it is not difficult to understand why many consider it a bad deal.

Take the financial penalty. A $ 5 billion fine sounds like much, and the FTC's majority trumpet supposedly did so. After all, the largest previous penalty agency had filed in a case like Facebook's, the $ 22.5 million fine it hit on Google in 2012.

But compared to Facebook's revenue, profits, cash flow, market capitalization or cash on The hand, $ 5 billion is quite small. For example, only in the second quarter, sales of $ 16.9 billion in sales, generated $ 8.6 billion of cash from operations, and ended the quarter with $ 48.6 billion in cash and transferable securities. The "only" yielded a $ 2.6 billion surplus for the period, but that amount included a deduction for the FTC fine. In other words, even with the fine, it earned billions of dollars over the period.

Read this : FTC's $ 5 billion fine for Facebook is so pointless, it will probably let Zuckerberg wonder what he can't get away with

And it was just a quarter . Facebook's alleged breach stems from years back, and means that during that period, it easily generates hundreds of billions of dollars in revenue and tens of billions of dollars in profits.

Meanwhile, comparing the fines with previous penalties is not really part of the FTC's methodology, as Chopra noted in his dissent. The FTC has a well-defined set of factors it is supposed to take into account when determining financial penalties. The Agency shall, inter alia, take into account a company's ability to pay, its good or bad belief in dealing with the agency and the profits made by its offensive conduct.

"In my view, a rigorous analysis of unfair enrichment alone … probably will give a figure well over $ 5 billion," Chopra said.

The company can continue to collect consumer data

But it is not just the punishment where the deal is far less than it appears on the surface. The new privacy policy that Facebook will have to put into place as part of the deal is also more impressive in the abstract than it is likely to be in reality.

Under the agreement, the company will have to establish a new privacy committee consisting of independent directors. It will also have to create a new nomination committee, also composed of independent board members, who will name people to the privacy committee.

FTC chairman Joe Simons announces the penalty.
REUTERS / Yuri Gripas

Facebook's new head of privacy, Michel Protti, whose name was also required by the agreement, will have to provide quarterly reports to the Privacy Committee on the company's privacy practices under the agreement. It will also have to name an independent person to assess its compliance with the privacy program set out in the FTC's biannual agreement.

In addition, Facebook must review and report on the risk of privacy for each new product or service it launches.

All this sounds pretty heavy. But it will probably be more of a bureaucratic headache than a meaningful restriction on Facebook's activities. This is because the order generally does not prevent Facebook from implementing new products and services that violate users' privacy or from collecting their personal information.

Under the order, Facebook can no longer use members' phone numbers as they have given it for the purpose of two-factor authentication feature to target them to ads. It must also get its explicit consent before using face recognition technology on images of their faces. But apart from these exceptions, it is free to continue collecting, using, and sharing all the personal information they want about their users, as long as they make a risk assessment and describe what security measures they put into effect – if any – to mitigate them .

"The order allows Facebook to assess the level of user protection that is appropriate, and only keeps the company responsible for producing these evaluations," Chopra wrote. "What it doesn't require is to respect users' privacy."

The agreement does not check Zuckerberg's power

The new governance structure similarly seems to be trying to express that the FTC did something instead of meaningfully limiting Zuckerberg's power. For all the conversation in the order of "independent" board members, it is difficult for any Facebook director to be truly independent when Zuckerberg controls the company.

Thanks to his ownership of a special share class giving him 10 votes per share, Zuckerberg has about 58% of the voting power on Facebook. By itself, he can determine the outcome of any shareholder votes or board elections. The deal did nothing to limit the basic power.

The agreement states that it should limit that control by preventing the removal of any member of the Privacy Committee without the support of shareholders representing two-thirds of the voting power of the company, or more than Zuckerberg alone controls. But it's really not a meaningful limitation.

As Chopra noted in his dissertation, corporate executives are rarely removed from office during their term. Generally, they are replaced when the maturity is up, when companies vote for board members at their annual shareholder meeting. If Zuckerberg does not approve an assumed independent director's work on Facebook's new nomination or privacy committees, he could name and vote in alternative board members at the annual meeting alone.

"The proposed settlement ratifies Facebook's governance structure instead of changing it," Chopra said. "The Independent Privacy Committee" has little independence, no meaningful power and no shareholder purchases. "

FTC allowed Zuckerberg to withdraw from the hook – without interviewing him

But perhaps the worst thing about the settlement is that the FTC with it wipes the shifts cleanly for Facebook and its leaders unnecessarily and before it even completed its work. [19659002] The agency could and probably should have held individual Facebook managers and directors responsible for allegedly breaking the terms of the 2012 agreement, but it did not, even though Zuckerberg, CEO Sheryl Sandberg, and the company's directors were responsible for keeping Facebook In fact, the deal does not make any of them personally liable for alleged failure to do so. It is in stark contrast to the actions the FTC has made against smaller companies, including Cambridge Analytica, in which case, as the agency decided on the same day, it actually held Company Executive Personal Responsible.

Despite investigating Facebook for 16 months, the agency never interviewed Zuckerberg. said the FTC feared that Facebook would have gone to court instead of letting Zuckerberg be deposed, and that the agency believed it had all the information it needed without him.

But that claim seems ridiculous in the face. Zuckerberg controls the company. He was the one who announced or was intricately involved in the major steps that affected the ability of companies including Cambridge Analytica to access the personal information of Facebook users without their knowledge.

The agency was likely to have learned at least something about his involvement and thinking in these decisions by interviewing him. And even though it still chose not to hold him personally responsible for these decisions, the actual interview would have been a way of keeping him accountable.

Given Zuckerberg's control over Facebook, the FTC's failure to reveal its role in the company's numerous alleged privacy violations – including by interviewing him – was a "critical" missed step in the investigation, Chopra said.

"It's hard to imagine that some of the key decisions were made without his input," he said. "The FTC Law," he continued, "does not include special exceptions for leaders of the world's largest corporations, but this settlement sends the unfortunate message that they are subject to another regulatory framework."

And that's precisely why they are probably celebrating in the Facebook headquarters.

415.515.5594. You can also contact Business Insider securely via SecureDrop.


Source link