Facebook is negotiating a multibillion-dollar privacy violation fine with the Federal Trade Commission, the Washington Post reported Thursday.

It would be the largest FTC penalty issued to a tech company and could mark a new era of privacy enforcement for the tech industry, privacy lawyers and professionals said. Google Inc. currently holds the tech industry record for largest FTC penalty, settling charges it violated a privacy agreement with the agency for $22.5 million in 2012.

In March 2018, the acting director of the FTC's Bureau of Consumer Protection Tom Pahl issued a statement confirming the agency was conducting a nonpublic investigation into Facebook's privacy practices and that it was “firmly and fully committed to using all of its tools to protect the privacy of consumers.”

The FTC declined to comment on the latest reports. Facebook did not immediately respond to comment.

“While the agency has agreed to larger monetary settlements for other types of legal regulatory violations, to date, the FTC's largest fine for data privacy violations has been just over $20 [million]. If the FTC is indeed seeking max recovery under the 2011 consent order with Facebook, the amount at play for alleged violations of the consumer privacy-related obligations and restrictions would be precedent setting,” said Richard Newman, an FTC investigations and defense lawyer at Hinch Newman, in an email. “Federal, state and international privacy regulators are sending a clear message that it is time for those in the tech industry to be responsible with data and ensure that proper protocols are implemented.”

Andrew Gordon, a privacy lawyer at Gordon Law Group in Illinois, said that, if Facebook is fined, it could send a signal that the FTC will increasingly use its enforcement power to protect consumer privacy rights. Which, Chris Hoofnagle, a professor of information and law at University of California, Berkeley, said could be a good thing for the U.S. tech industry.

Facebook's privacy practices have come under international scrutiny. The Menlo Park, California-based company is currently being investigated by the Irish Data Protection Commission over potential General Data Protection Regulation violations in the European Union. If Facebook is found to have violated GDPR, it could face fines up to 4 percent of its global revenue.

“From a big picture perspective, a multibillion-dollar fine [from the FTC] will be good for the U.S. industry. If the FTC does not fine Facebook severely, its deterrence narrative loses credibility, and U.S. companies will face more intervention from less flexible, foreign regulators,” Hoofnagle said in an email. “Thus, the FTC remedy is a bitter pill to swallow, but it is medicine against worse regulatory approaches technology companies will face from Europe if the FTC loses its credibility.”

Privacy lawyers said companies who don't want to face FTC fines should check their privacy policies and procedures. David Vladeck, faculty director of Georgetown Law Center's Center on Privacy and Technology, said in most cases the FTC can't impose civil penalties on first violations, noting there was no penalty imposed in the agency's first enforcement action against Facebook.

“Once a company is under an FTC order, simply comply with it,” Vladeck said in an email. “The FTC has hundreds of companies and individuals under order, and order violations are quite rare.”

Read More: