Martech: Martech is Marketing Logo
  • Topics
    • Customer & Digital Experience
    • Digital Transformation
    • Data
    • Marketing Management
    • Marketing Operations
    • Performance Marketing
    • Special Reports
    • All Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech

Processing...Please wait.

MarTech » Marketing Operations » FTC settlement with Facebook imposes tough new privacy rules, including personal liability for CEO Zuckerberg if violated

FTC settlement with Facebook imposes tough new privacy rules, including personal liability for CEO Zuckerberg if violated

There are lots of new privacy requirements, which Zuckerberg says he welcomes and others say don't go far enough.

Greg Sterling on July 24, 2019 at 12:06 pm | Reading time: 5 minutes

Facebook critics were grousing that $5 billion was too little to pay for the company’s alleged repeated violations of user privacy, in contravention of an earlier FTC consent decree. Indeed, the financial penalties could have been a great deal stronger. But we now know the settlement with the FTC comes with a range of strict new privacy requirements that impose substantial new compliance burdens on Facebook.

There are still some critics complaining that even the new privacy rules still don’t go far enough to place “meaningful limits” on the collection of personal data.

Changing the privacy culture of Facebook. Mindful of criticism of the monetary settlement, FTC Chairman Joe Simons said in a press release, “The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”

So what must Facebook now do? A lot.

Independent board privacy committee. There will be a new independent privacy committee at the board level, “removing unfettered control by Facebook’s CEO Mark Zuckerberg over decisions affecting user privacy.” Members of the committee cannot be fired by Zuckerberg but only by a supermajority of the board.

In addition, Facebook will be required to appoint privacy compliance officers, who must certify on a quarterly basis that Facebook is in compliance with the FTC mandated program and will be personally subject to civil and criminal liability for any false representations. These compliance officers can only be hired and fired by the board’s privacy committee and not by any executive at Facebook including Zuckerberg.

Personal liability for Mark. Mark Zuckerberg must also sign off on the quarterly FTC privacy reports. He faces potential personal liability for any false statements or misrepresentations. (One question going forward will be how “material” must such misrepresentations be to trigger liability?)

An independent assessor, accountable to the FTC and the board’s privacy committee, will be tapped to review the state of Facebook’s privacy program every two years — for 20 years. That assessment cannot rely “primarily” on Facebook management’s compliance statements. It also appears that the assessor and FTC can use what amounts to legal civil discovery tools to gain information to assess compliance during that biennial review process.

These rules equally extend to Instagram and WhatsApp.

New product review and third-party oversight. Facebook will also be required to conduct a compliance review of “every new or modified product, service, or practice before it is implemented, and document its decisions about user privacy.” And when privacy events that compromise the data of more than 500 users occur, Facebook must document and submit them to the FTC and its privacy assessor within 30 days.

Additional new requirements include:

  • Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
  • Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;
  • Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
  • Facebook must establish, implement, and maintain a comprehensive data security program;
  • Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
  • Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.

Speaking of third parties, Facebook today acknowledged that despite shutting down sharing of Facebook-friends data last year, some partners still had access due a bug in Facebook’s codebase. Microsoft and Sony were able to continue to access to Facebook friends’ data but that has now been corrected according to the company.

Zuckerberg says he supports the new rules. Mark Zuckerberg issued a statement in which he said, “I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.” He added that the company’s next focus “is to build privacy protections as strong as the best services we provide. I’m committed to doing this well and delivering the best private social platform for our community.”

Why we should care. Say what you want about the $5 billion penalty, but the new privacy regimen that Facebook must comply with appears very strict. That’s reflected most obviously in the personal liability that Mark Zuckerberg and the company’s new privacy officers will face for false statements or misrepresentations to the FTC. And the third-party app policing rules are designed to deter and prevent future Cambridge Analytica-style data harvesting.

There are also some provisions of the new rules that could affect Facebook’s access to data for ad purposes, including limitations around the use of phone numbers and third party passwords.


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


New on MarTech

    Why martech integration needs more than technical skills
    An incredibly brief guide to shifting marketing offshore
    The latest jobs in martech
    Google favors helpful content over search engine-first in new update
    PGA TOUR transforms fan experience, analytics and customer feedback

About The Author

Greg Sterling
Greg Sterling is a Contributing Editor to Search Engine Land, a member of the programming team for SMX events and the VP, Market Insights at Uberall.

Related Topics

Marketing OperationsPerformance Marketing

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS The MarTech Conference logo.

September 28-29, 2022: Fall

Start Training Now: Master Classes

Start Discovering Now: Spring



The SMX Conference logo.

Start Training Now:: SMX Advanced

November 14-15, 2022: SMX Next

March 8-9, 2022: Master Classes

Webinars

Tracking Growth From Organic Search

Beyond the Buzzword: Transform Digitally to Drive Organic & SEO Growth

Leap or Linger: Determining Which Ad Platforms to Test for Your B2B Brand

See More Webinars
Intelligence Reports

Enterprise Marketing Performance Management Platforms: A Marketer’s Guide

Enterprise Customer Journey Orchestration Platforms: A Marketer’s Guide

Enterprise Account-Based Marketing Platforms: A Marketer’s Guide

See More Intelligence Reports
Featured White Paper

The CMO’s Formula To 3x Your Digital Marketing Campaign Results

See More Whitepapers
Search Our Site

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Terms Of Use
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.