By: Neli Traykova
The saga of Facebook’s privacy protection, or lack thereof, began in July 2012 when the Federal Trade Commission (“FTC”) charged Facebook with privacy related violations. The resulting settlement included set prohibitions regarding consumers’ privacy and security, and a requirement that Facebook implement a privacy program.After Facebook violated the 2012 FTC order, the Commission probed into the company’s data misuse which revealed the privacy violations were worse than they first appeared. Facebook made consumers’ data available to app developers, failed to address privacy risks by third party developers, and misrepresented the extent to which consumers could control the privacy of their data.
In July 2019, Facebook agreed to pay a $5 billion penalty following the FTC’s probe into the company’s data misuse.The FTC approved a 20-year settlement by a 3-2 vote which requires Facebook to overhaul its privacy regime, establish a privacy committee, and require compliance officers to submit quarterly compliance certifications.The FTC intended for the deal’s accountability provisions to serve as a model for industry privacy protection, punish future violations, and decrease the likelihood of ongoing violations.
Although the Facebook deal is both unprecedented and the largest penalty ever imposed by the FTC, critics, including the Democratic members of the Commission, argue it is simply not enough to deter future violations.Apart from the critics’ demand for a harsher punishment, the Center for the Legalization of Privacy (“CLP”) filed an amicus brief in October 2019 opposing Facebook’s deal. CLP argues that the Commission’s order could be interpreted to grant the FTC and the DOJ warrantless access to Facebook users’ data, creating “a risk for Facebook user privacy in the guise of protecting it.”
This deal permits warrantless data access and conflicts with the Supreme Court’s 2018 decision in Carpenter v. United States.In Carpenter, the Court held that an individual has a reasonable expectation of privacy in historical cell phone location data and the government must obtain a warrant before accessing such information.Thus, the FTC settlement could be interpreted to allow the FTC and DOJ warrantless access to Facebook user data, disguised as ensuring Facebook is following privacy guidelines.Just as the Fourth Amendment demands government officials obtain a warrant to access cell phone location data, this protection should similarly extend to individual Facebook user data. Further, the amicus brief filed by the CLP notes that the third party doctrine, which states that a warrant is not required to access information given to a third party, could greatly hinder the future of our privacy.If the third party doctrine applies in its current language to Facebook, it could potentially turn Facebook into an “open information pipeline” for the DOJ and FTC.
While the D.C. District Court faces pressure to reject the privacy deal, Facebook’s general counsel, Colin Stretch, recently stated that the deal changes the way Facebook creates new products for the marketplace.Under the surveillance of the FTC and DOJ, Facebook faces pressure to put privacy first in its current and future products, giving users more control over their data and even closing down apps.As Facebook continues to weigh user privacy against its pecuniary interests, social media will continue to change with consumer tastes and societal demands. With this backdrop of user privacy in mind, it will be difficult to forecast the developments and apps that will define teen generations to come.
Lesley Fair, FTC’s 5 Billion Facebook Settlement Record Breaking History, FTC: Business Blog(July 24, 2019, 8:52 AM) https://www.ftc.gov/news-events/blogs/business-blog/2019/07/ftcs-5-billion-facebook-settlement-record-breaking-history (noting that the 2012 lawsuit was based on eight separate privacy related violations).
Allison Grande, Facebook to Pay a Record $5B FTC Fine for Privacy Breaches, Law360(July 24, 2019), https://www-law360-com.proxy.wcl.american.edu/articles/1142607.
Id. (referring to a statement made by Facebook’s general counsel, Colin Stretch, who pointed to the deal’s accountability provisions, which surpass what is currently required by U.S. law).
Id. (discussing the two Democratic commissioners’ dissenting statements calling for a larger fine, more fundamental changes in the way Facebook shares user data, and holding Mark Zuckerberg personally liable)
Allison Grande, $5B Facebook Deal Lets Gov’t Grab User Data, Court Told, Law360(Oct. 15, 2019, 10:04 PM), https://www-law360-com.proxy.wcl.american.edu/articles/1209490/-5b-facebook-deal-lets-gov-t-grab-user-data-court-told.
Brief of the Center for the Legalization of Privacy as Amicus Curiae in Opposition to Consent Mot., 5, 1:19-cv-02184 (October 15, 2019).
Carpenter v. United States, 138 S. Ct. 2206 (2018).
CLP Brief, supra note 8, at 5.
See Id.at 5 (discussing the validity and scope of the third party doctrine).
Michael Nunez, FTC Slaps Facebooks With $5 Billion Fine, Forces New Privacy Controls,Forbes(July 24, 2019), https://www.forbes.com/sites/mnunez/2019/07/24/ftcs-unprecedented-slap-fines-facebook-5-billion-forces-new-privacy-controls/#5e41cf395668.
See Colin Stretch, FTC Agreement Brings Rigorous New Standards for Protecting Your Privacy, Facebook(July 24, 2019, 12:16 PM), https://newsroom.fb.com/news/2019/07/ftc-agreement/ (noting Facebook’s strides on privacy and changes in the way the company handles data).