Why Facebook’s Big Fine Isn’t Such A Big Deal

Last Wednesday, The New York Times reported that Facebook expects a $3-5 billion fine from the Federal Trade Commission (FTC) for violations of a 2011 consent agreement that required Facebook to obtain consent from users before it shared their data with third parties. The FTC likely views the Cambridge Analytica scandal as a breach of the consent agreement.  Facebook also likely violated its consent agreement when it gave certain partner companies special access to user data without obtaining explicit consent, as detailed by another New York Times investigation last December.

This would represent the most significant punitive action the FTC has ever taken against a tech company.  It is an encouraging sign that the FTC is willing to hold huge companies like Facebook accountable for their business practices, something it’s been criticized for failing to do in the past.

But given the fact that Facebook had almost $56 billion in revenue in 2018 alone, a $5 billion fine for ethically questionable but highly lucrative data sharing arrangements could simply be viewed as the cost of doing business, rather than as an effective deterrent against such activity.

Fines also cannot address many of the structural challenges of regulating data privacy.  As of now, the U.S. lacks a concrete definition of what a data privacy violation even is.  Per FTC v. Wyndham Worldwide Corporation, the FTC is allowed to regulate improper data security as an unfair business practice. However, the burden of proof for an unfair business practice is very high; if tech companies begin challenging and overturning FTC rulings in court, it could set a legal precedent that protects some of the questionable privacy practices we see now.  

Rather than relying on a case-by-case system of adjudication, the U.S. needs a national data privacy law that outlines specific rights that users have over their data and imposes firm requirements of transparency and accountability from companies that collect, share, and process user data.  Such a bill would not only facilitate the FTC’s regulatory efforts, but it would also simplify requirements for private companies by enacting one single standard to supplant the complicated, state-by-state legal landscape they currently operate in.

Evan Burke is a former policy analyst for The New Center, which aims to establish the intellectual basis for a viable political center in today’s America.