Facebook revealed it will pay $5 billion fine to resolve a US government probe into its privacy practices and will boost safeguards on user data.
The U.S. Federal Trade Commission had also opened a separate antitrust investigation of the company.
Facebook has nominated Michel Protti, the company’s vice president of marketing on partnerships, to serve as chief privacy officer. Delfina Eberly will lead privacy programs audit and oversight, and Vladimir Fedorov will lead privacy review across Facebook’s product and engineering teams.
The FTC probe that resulted in the $5 billion settlement uncovered a range of privacy issues at Facebook. It was triggered by allegations that Facebook violated a 2012 consent decree by inappropriately sharing information belonging to 87 million users with the now-defunct British political consulting firm Cambridge Analytica. The consultancy’s clients included President Donald Trump’s 2016 election campaign.
The FTC said it voted 3-2 to adopt the settlement.
Republican FTC Chairman Joe Simons stressed the FTC’s limited authority and desire to avoid a long court fight.
Democratic FTC Commissioner Rohit Chopra complained that the penalty provided “blanket immunity” for Facebook executives “and no real restraints on Facebook’s business model” and does “not fix the core problems that led to these violations” or limit Facebook’s ability to collect data.
The Securities and Exchange Commission (SEC) said Facebook agreed to pay an additional $100 million to settle allegations that it misled investors about the seriousness of its misuse of users’ data.
Under the settlement, Facebook’s board will create an independent privacy committee that removes “unfettered control by Facebook CEO Mark Zuckerberg over decisions affecting user privacy.”
Facebook also agreed to exercise greater oversight over third-party apps, and said it was ending access to friend data for Microsoft and Sony.
Under the deal, Zuckerberg and other Facebook executives must sign quarterly certifications attesting to privacy practices. The FTC said a false certification could result in civil and criminal penalties.
Facebook is barred from asking for email passwords to other services when consumers sign up. It is barred from using telephone numbers for advertising if they are obtained in a security feature like two-factor authentication. The company must also get user consent to use facial recognition data.
Facebook said it may find additional problems as it initiates a review of its systems and warned it will take longer to roll out updates.
In a Facebook post, Zuckerberg said: “we’re bringing our privacy controls more in line with our financial controls.” He added that when features are added or modified, “we’ll have to document any risks and the steps we’re taking to mitigate them.”