How did we get to this point? It started in 2011 when Facebook made a settlement with the FTC after it was caught deceiving users about their privacy rights. This won’t come as a shock to anyone following the company’s recent struggles, but the FTC found Facebook breached privacy regulations when it repeatedly shared user data despite assuring the information would be kept private.
Instead of slamming the social network with a hefty fine, the FTC punished it by imposing a 20-year mandate barring the company “from making any further deceptive privacy claims” and requiring it get consumers’ approval before changing the way it shares their data.
In light of the recent Cambridge Analytica data scandal, the FTC has opened a “non-public investigation” to determine whether Facebook breached the legal agreement. In March, reports from the Observer and New York Times revealed political data firm Cambridge Analytica collected the personal information of millions of Facebook members and used it to manipulate their vote. The data was collected from a third-party app posing as a personality test and was later sold to Cambridge Analytica.
While around 270,000 users downloaded the app, its permissions allowed it to collect data from their friends. In total, 87 million people—including 71 million Americans—had their data exploited.
But that doesn’t get us to the estimated $7.5 trillion fine. Reinforcements come in the form of CEO Mark Zuckerberg acknowledging that “malicious actors” took advantage of a vulnerability in search and account recovery features and harvested data on “most” of Facebook’s 2.2 billion users. Using a “conservative estimate” from the Washington Post, an additional 110 million Americans (half of all Americans with a Facebook account) likely had their data scraped.
That brings the individual number of data breach incidents affecting U.S. Facebook users to around 180 million. If the FTC determines Facebook broke its agreement in both cases, it could fine up to $41,484 per offense. Take the number of offenses and multiply it by the maximum fee and you’ve got a fatal fine of around $7.5 trillion.
Obviously, a 13-digit fine would wipe Facebook off the internet for good, especially since its value dropped more than $100 billion in the few weeks since the Cambridge Analytica scandal was revealed to the public. In fact, the fine would amount to more money than is even in circulation, using the Federal Reserve’s $1.63 trillion estimates.
It’s very unlikely that the FTC would impose the fine to its fullest extent. Nevertheless, the social network is already on the defensive.
“We reject any suggestion of violation of the consent decree,” a Facebook spokesperson told the Post. “We respected the privacy settings that people had in place. Privacy and data protections are fundamental to every decision we make.”
The FTC would more likely use the theoretical fine as leverage to force Facebook to change its privacy practices. It could potentially limit how much data advertisers collect on users, a move that would threaten the company’s main source of income. It could also pressure the social network to build more tools for users to protect their information. Whatever the case, Zuckerberg and Co. would likely jump to action with trillions of dollars on the line.
H/T Washington Post