The importance of data privacy is starting to get more serious. The U.S. Federal Trade Commission today announced Facebook will be fined a record-breaking $5 billion penalty for violating its users privacy. This comes just days after the FTC and Equifax came to a $575 million agreement for its 2017 data breach. 

GDPR one year later: Slow compliance, lax enforcement
Report: The costs of data breaches are rising
Privacy as a service
It’s time for data privacy legislation

“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC chairman Joe Simons. “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”

In addition to the fine, Facebook has been ordered to restructure its privacy approach from corporate board-level down, and to provide strong mechanisms to ensure its executives are held accountable for their actions. The fine and restrictions come from a yearlong investigation by the FTC and U.S. Department of Justice. 

The FTC is also addressing the Cambridge Analytica scandal with seperate law enforcement actions against Cambridge Analytica, its former CEO Alexander Nix and the app developer Aleksandr Kogan. According to the FTC, Cambridge Analytica used “false and deceptive tactics to harvest personal information from millions of Facebook users. As part of the settlement, the FTC is restricting how Kogan and Nix conduct any future business, and will require them to delete or destroy any personal information collected. There has been no settlement with Cambridge Analytic itself. The company has filed for bankruptcy. 

“The FTC’s investigation was initiated after the events around Cambridge Analytica last year. Our handling of this matter was a breach of trust between Facebook and the people who depend on us to protect their data. This agreement is not only about regulators, it’s about rebuilding trust with people,” Colin Stretch, vice president and general counsel for Facebook, wrote in a post

The new Facebook order requirements include a focus on transparency, decision-making and accountability. According to Facebook, this includes building privacy into every product with more monitoring and reporting, providing stricter compliance such as detailed quarterly reports and executive accountability, independent oversight with a committee dedicated to privacy, and independent privacy assessments.

“The real ‘teeth’ of this announcement will come not from the $5 billion settlement. Facebook is worth hundreds of billions of dollars, so this amount is practically a drop in the bucket. I am more curious about the regulations expected to accompany the terms of the settlement,” said Dan Goldstein, president and owner of digital marketing agency Page 1 Solutions. “If the financial losses don’t paint a clear enough picture for the tech industry as a whole, perhaps new regulations for one of its key players will finally convince these companies to begin protecting users instead of exploiting them.”