Facebook has agreed to a $5 billion settlement over allegations that the social media company mishandled user’s personal data.
The settlement, announced in a statement Wednesday by the Federal Trade Commission, is the largest reached with a tech company over user privacy.
As a result of the agreement with the government, Facebook CEO Mark Zuckerberg will have to certify, quarterly and annually, that Facebook is taking adequate steps to protect user data.
The settlement will also establish a Facebook privacy committee out of its board of directors that would make decisions surrounding privacy and data usage. Regulators sought to offset what it called Zuckerberg’s “unfettered control” to set privacy policies for the company.
The privacy committee would be responsible for approving compliance officers who would work alongside Zuckerberg in ensuring that the social media giant is within regulations and submitting certifications.
Facebook also “must conduct a privacy review of every new or modified product, service, or practice before it is implemented,” the government statement said.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC Chairman Joe Simons.
“The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC. The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations. The Commission takes consumer privacy seriously, and will enforce FTC orders to the fullest extent of the law.”
The FTC opened an investigation into Facebook last year, following revelations that political consulting firm Cambridge Analytica had accessed millions of Facebook user’s private information without authorization.
In particular, regulators were interested in investigating wether Facebook had violated a 2012 settlement that instructed the company to gain user consent before sharing personal data with other parties.
Wednesday’s settlement stems from allegations by the FTC that Facebook violated the 2012 settlement by “[using] deceptive disclosures and settings to undermine users’ privacy preferences .”
Two democratic commissioners voted against the settlement, asserting that the fine did not go far enough in punishing the company.
“The proposed settlement does little to change the business model or practices that led to the recidivism,” wrote Commissioner Rohit Chopra in a dissenting statement.
“Nor does it include any restrictions on the company’s mass surveillance or advertising tactics,” he wrote
Questions of privacy have been associated with Facebook for years.
Most recently, in a hearing over the company’s plans to issue a new cryptocurrency, lawmakers from both political parties questioned how they could trust the company, given its record on protecting user privacy.
As part of the settlement announced Wednesday, Facebook admits no wrongdoing.