'The Price of Privacy Violations Just Went Up': FTC's $5B Facebook Fine Ups the Stakes for All General Counsel
In a press conference Wednesday morning, FTC commissioners said the agency's order against the tech company should be read as a signal that consumer privacy violations will be taken seriously in the U.S., even without a federal law addressing the issue.
July 24, 2019 at 01:46 PM
4 minute read
The original version of this story was published on Corporate Counsel
Facebook Inc.'s legal drama over user privacy violations took an expensive turn Wednesday morning with a record-setting $5 billion fine from the U.S. Federal Trade Commission, a penalty agency officers said has implications for all companies collecting user data.
The Menlo Park, California-based company has also reached a $100 million settlement with the U.S. Securities and Exchange Commission over inadequate privacy breach disclosures.
In a press conference Wednesday morning, FTC commissioners said the agency's order against the social media company should be read as a signal that consumer privacy violations will be taken seriously in the U.S., even without a federal law addressing the issue.
“The price of privacy violations just went up,” said Gustav Eyler, the director of the Department of Justice civil division's consumer protection branch, who spoke at Wednesday's briefing. He added the settlement is “an important part of” an “increased national focus” on consumer data protection.
Company leaders, including general counsel, should be “paying attention to privacy issues” and consider elevating related issues “to the board level,” Eyler said. Privacy is an issue “all firms should focus” on, he continued.
“This is Sarbanes-Oxley for privacy,” Eyler said. Federal legislators have held several hearings this year on a possible federal privacy act that could further clarify data protection rules in the U.S.
Many legal departments are already starting to focus on data collection policies, as the 2020 implementation date for the California Consumer Privacy Act—the first such U.S. state law—approaches. It's been just over a year since the European Union's enforcement of its General Data Protection Regulation kicked in, leading to mass fines against tech companies over privacy violations.
But Wednesday's fine—larger than any privacy penalty from the EU to date—is another reminder that consumer data protection concerns are at international agencies' top of mind.
For tech giant Facebook, the fine eats up 9% of its 2018 revenue and 23% of its 2018 profits. The FTC settlement also outlines structural privacy changes for the company's privacy policies, introducing a series of checks and balances.
For starters, Facebook must establish a board of directors committee solely focused on privacy, with members who can't be removed by Facebook employees or chief executive officer Mark Zuckerberg.
There are increased burdens on Zuckerberg and Facebook's ”designated compliance officers,” possibly including chief privacy officer Erin Egan, who must now “each independently certify to the commission that the company is in compliance.” Egan and any other designated privacy officers will also have to present a quarterly privacy report to an independent assessor.
According to a company representative, Michel Protti, currently Facebook's vice president of partnerships product marketing, has been nominated to chief privacy officer for product. In that role, he would “be responsible for [Facebook's] privacy program.” First, the company representative said, Protti needs to be approved by the privacy board. He does not have a law background and has not held any named privacy positions previously, according to his LinkedIn profile.
Facebook general counsel Jennifer Newstead, who joined Facebook in April from the U.S. Department of State, will provide Protti or the approved chief privacy officer for product legal advice. She and the legal department will also work with employees, particularly those that work on products, and the compliance team to meet Facebook's new obligations.
Her predecessor, Colin Stretch, signed off on Facebook's FTC settlement. Stretch announced his plans to leave Facebook last year, but promised to stay on for a transitional period this summer.
Wednesday's penalty stems from a yearlong investigation by the FTC into the social media company's alleged facial recognition practices, its collection and sharing of data without consent from users, and its lack of transparency for the collection of phone numbers for advertising purposes.
The company, which did not admit wrongdoing in the settlement, is also under investigation for privacy violations in the European Union.
Update: Facebook announced it's facing a separate FTC antitrust investigation Wednesday afternoon.
Read More:
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllInCloudCounsel Hires First GC to Continue Expansion in Asia
COVID-19, Remote Work and Cybersecurity Threats: 7 Pointers for In-House Counsel
Data Security Firm Druva Hires Former Apple, Broadcom Lawyer as Its First General Counsel
3 minute readTrending Stories
- 1Recent Decisions Regarding the Telephone Consumer Protection Act
- 2The Tech Built by Law Firms in 2024
- 3Distressed M&A: Mass Torts, Bankruptcy and Furthering the Search for Consensus: Another Purdue Decision
- 4For Safer Traffic Stops, Replace Paper Documents With ‘Contactless’ Tech
- 5As Second Trump Administration Approaches, Businesses Brace for Sweeping Changes to Immigration Policy
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250