Report: Billion-dollar FTC fines could mark new era for privacy in US

Dive Brief:

Facebook is negotiating a multibillion dollar fine as part of a settlement with the Federal Trade Commission for an investigation into its privacy practice blunders, sources familiar with the matter told The Washington Post. The investigation began last March following the Cambridge Analytica scandal, and has since snowballed to include the company's "additional privacy mishaps."
The FTC's five commissioners have yet to vote on an agreement from the negotiations, reports The New York Times. The penalty centers around whether Facebook violated a 2011 agreement with the commission on measures it would take to protect consumer privacy, including obtaining consent for third party data sharing and notifying consumers of third party data misuse.
Facebook could strike a settlement, with a judge's approval, by agreeing to a fine and altering the business practices in question, as well as submitting to regular checkups to ensure its compliance, reports the Post. The company could also fight the penalty, though this could result in "significant reputation risk." The FTC can weigh the number of times a company violates a decree in the determination of a fine; while the commission has imposed fines in the billions of dollars before, the largest penalty handed down to a technology company was a $22.5 billion bill to Google in 2012.

Dive Insight:

Many eyes are on the FTC, which has become the national technology watchdog. If the commission begins handing down billion-dollar penalties to tech companies, the floodgates on regulatory enforcement of tech companies and privacy issues could be thrust open.

With GDPR in effect, the European arena is poised as the battle ground for companies to begin paying fines in the digital privacy space. The U.S. still lacks a federal data protection and privacy law, and the FTC stepping up its policing and levying such a large fine could mark a new era for accountability stateside as well.

While shifting tides have put many tech giants in the spotlight on data processing practices, Facebook has sat in the hottest seat for the last few years, thanks to high-profile scandals including:

Inappropriate access of user data through third-party Facebook applications by Cambridge Analytica, a political data analytics firm, made publish last March.
The breach of 29 million Facebook accounts through a security issue, made public in September.

The social media network recently came under fire for paying teenagers for their data. And many have questioned Marc Zuckerberg's absolute control of the company — especially as founders of its popular acquisitions, WhatsApp and Instagram, have departed from the tensions.

Many critics of the power of big tech have applauded the prospect of large fines. Relatively speaking, penalties leveraged on technology companies thus far have been in the tens of millions of dollars, even though many of these companies have market caps in the hundreds of billions — and now even trillions — of dollars.

GDPR's fining power (up to 4% of global annual turnover) put sharper teeth behind regulatory enforcement of data privacy and protection issues, threatening many companies with sizeable penalties they would not have been subject to before.

European regulators handed down the first major fine, around $57 million, to Google last month, though the company has announced it will appeal the penalty. While the fine was far short of the 4% regulators could have levied, it was still a major step in beefing up enforcement.