News by VICE

Facebook is about to be hit with a massive fine. It probably won't change anything.

“A fine almost certainly would not be enough to change Facebook’s behavior — we’re past that.”

by David Gilbert
Feb 15 2019, 6:16pm

The U.S. government will hit Facebook with a record-breaking multibillion-dollar fine over privacy violations, according to reports published Thursday in the Washington Post and the New York Times.

Yet experts warn that despite the reported size of the penalty levied by the Federal Trade Commission, without legal restrictions on how Facebook collects and processes data the impact will be limited.

“A fine almost certainly would not be enough to change Facebook’s behavior — we’re past that,” Jason Kint, CEO of Digital Content Next, a New York-based association of online publishers, told VICE News.

Lawmakers and privacy activists are closely watching the FTC’s investigation of Facebook as a test of whether or not the agency is going to take its lead from Europe, where tech companies have faced a much greater level of scrutiny over their data protection practices.

Facebook and the FTC are currently in negotiations over the exact amount the company will have to pay, according to the reports. The negotiations come at the end of an 11-month investigation into the Cambridge Analytica scandal that saw data belonging to 87 million customers improperly shared by Facebook — a violation of a consent order Facebook signed in 2011 to improve its data protection policies, according to observers.

Facebook declined to comment on the reports, telling VICE News that it is “cooperating with officials in the U.S., the U.K., and beyond.” But officials speaking to the Post said Facebook initially bristled at some of the FTC’s demands and there is still a chance negotiations could break down, a scenario that would likely lead to a bruising showdown in court.

“A fine almost certainly would not be enough to change Facebook’s behavior — we’re past that.”

A multibillion-dollar penalty would be a significant escalation in relations between Silicon Valley and the government. The FTC’s biggest fine levied on a tech company to date — the $22.5 million it demanded from Google in 2012 for circumventing privacy settings in Safari on iOS to track users’ behavior — would pale in comparison.

That alone is a sign of change, analysts said.

“The fact that the FTC is considering a multibillion fine shows just how serious it considers the privacy violations by Facebook,” said Frederike Kaltheuner, who heads up the data exploitation program at Privacy International. “This is serious and a strong signal for data protection authorities and regulators around the world about the need to impose severe sanctions for privacy violations.”

Led by the Electronic Privacy Information Center, rights groups last month called on the agency to impose a fine in excess of $2 billion, and to push for significant structural changes in how Facebook operates, including ending data collection from people who don’t use the service.

“The fact that the FTC is considering a multibillion fine, shows just how serious it considers the privacy violations by Facebook.”

Facebook, currently valued at over $465 billion with a cash stockpile of more than $50 billion, could easily weather a big fine, but what it does not want are restrictions on how its able to monetize user data to sell ads.

The question now is whether the FTC has the will to impose significant behavioral remedies against Facebook.

The FTC did not respond to questions about what other penalties or restrictions it could impose on the company, but the agency does have it within its power to hit Facebook where it hurts.

“The FTC has quite swingeing powers,” Emily Taylor, CEO of Oxford Information Labs, told VICE News. ”Settlement agreements between FTC and various tech companies are usually accompanied by undertakings to change the business' practices in ways that protect consumers.”

“Right now, we have a company with the same governance, same leadership, same business model that time and time again has been reckless in its actions.”

In Washington, there is currently significant appetite — on both sides of the aisle — to clamp down on Big Tech after a series of incidents laid bare how people’s data is scooped up, processed and sold by a raft of companies.

Along with the Cambridge Analytica scandal, the New York Times revealed in December that Facebook was sharing reams of personal data with some of the largest tech companies in the world. Beyond Facebook, Motherboard revealed in January that every major U.S. wireless carrier was selling their customers’ location data to third parties including bounty hunters.

But so far Facebook has not shown it is willing to make the necessary changes on its own.

“Right now, we have a company with the same governance, same leadership, same business model that time and time again has been reckless in its actions,” Kint says.

The European Model

Europe has been at the forefront of creating laws that protect the consumer rather than the company and just last week the German regulators told Facebook that it could no longer track users across the internet and merge that data with user profiles — a significant blow to the company’s business model. Facebook has appealed the ruling.

The Irish Data Protection Commissioner is currently investigating Facebook over its refusal to grant users access to the huge amount of web tracking data it collects. Facebook says it would take too much effort to retrieve from its servers.

“In a way, they are arguing they are too big to comply,” Michael Veale, a technology policy researcher at University College London, told VICE News. “That’s unlikely to fly in my view but is another avenue for Facebook to become non-compliant. The last thing they want is to have to show users how much of their browsing history they have.”

Regulators in Europe have not been shy about handing out hefty fines to Facebook and other Silicon Valley giants. Google was handed a $2.7 billion fine in 2017 for abusing its dominant position in the market.

But it is regulation and legislation that could have the biggest long-term impact on Facebook’s business model.

“In Europe, data protection law has considerable elements of control running through it, meaning that Facebook will struggle going forwards to ‘bundle’ its extensive data processing practices with its social network,” Veale said. “While they might be necessary for the business model, they’re not ‘necessary’ for delivering a social network.”

Cover: This March 28, 2018, file photo shows the Facebook logo at the company's headquarters in Menlo Park, Calif. Facebook says it is making progress with efforts to weed out fake accounts and fake news on its service. The moves are aimed at preventing election interference ahead of the U.S. midterms. (AP Photo/Marcio Jose Sanchez, File)