eDiscovery Daily Blog

This Makes the Potential GDPR Fine Against British Airways Look Like Peanuts: Data Privacy Trends

It was just last week that we discussed the new (probable) largest fine since the General Data Protection Regulation (GDPR) was enacted last May, with the proposed fine of nearly $230 million against British Airways for a data breach last year.  But, this fine approved by the Federal Trade Commission (FTC) against Facebook for data privacy violations makes that fine look like peanuts.

As discussed by Sharon Nelson in her excellent Ride the Lightning blog (FTC Approves Fine of Roughly $5 Billion Against Facebook for Privacy Violations), the New York Times (subscription required) reported on July 12th that the FTC has approved a fine of roughly $5 billion against Facebook for mishandling users’ personal information, according to three people briefed on the vote, in what would be a landmark settlement that signals a newly aggressive stance by regulators toward the country’s most powerful technology companies.

The much-anticipated settlement still needs final approval from the Justice Department, which rarely rejects settlements reached by the FTC. It would be the biggest fine by far levied by the federal government against a technology company, eclipsing the $22 million imposed on Google in 2012. The size of the penalty underscored the rising frustration among Washington officials with how large technology companies collect, store and use people’s information. The Facebook settlement also sets a new bar for privacy enforcement by United States officials, who have brought few cases against large technology companies. In addition to the fine, Facebook agreed to more comprehensive oversight of how it handles user data. But none of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties.

The FTC’s investigation was fueled by The New York Times and The Observer of London, which discovered that the social network allowed Cambridge Analytica, a British consulting firm to the Trump campaign, to harvest personal information of its users. The firm used the data to build political profiles about individuals without the consent of Facebook users.

The agency found that Facebook’s handling of user data violated a 2011 privacy settlement with the FTC. That earlier settlement, which came after the company was accused of deceiving people about how it handled their data, required the company to revamp its privacy practices.

Facebook made more than $55 billion in revenue last year. So, at 9.1 percent of that annual revenue, this fine would be even larger than a GDPR fine would be at 4 percent of global annual turnover. Nonetheless, when the FTC fine was revealed, Facebook’s stock price rose, making it clear that investors had been concerned the result could be even worse. Maybe the “bite” from GDPR fines isn’t painful enough?

So, what do you think? Do fines like this cause your organization to re-evaluate your own security policies? As always, please share any comments you might have or let us know if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
