In addition to the fine itself, the company has also accepted an agreement.
It forces Facebook to implement a new privacy framework, and to be monitored and held accountable for decisions it makes about its users’ privacy and information it collects on them.
The FTC Press release reads, in part, as follows:
“The order requires Facebook to restructure its approach to privacy from the corporate board-level down and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight (for a period of not less than twenty years).”
Facebook also published a statement about their acceptance of the fine, but it offered little in the way of new information. Digging a bit deeper, however, some of the details of the changes coming to Facebook include the following:
- The formation of an independent privacy committee – The committee will be appointed by an independent nominating committee and be comprised of Facebook’s board of directors. The FTC says this will help limit CEO Mark Zuckerberg’s formerly unfettered control over decisions affecting user privacy.
- The appointment of Compliance Officers – These people will report to the new privacy committee and will be tasked with monitoring the entire company’s privacy program. The Compliance offers are not appointed by Facebook’s CEO or any Facebook employee, and no Facebook employee (including the CEO) can remove those officers. One of the responsibilities of the new Compliance Team will be to submit reports to the FTC.
- More and better external oversight of Facebook – The FTC’s ruling strengthens the role of independent third-party assessors who will conduct independent reviews of Facebook’s privacy program at two-year intervals.
Will these steps be enough? Only time will tell, but it’s certainly a great start. Kudos to the FTC for holding Facebook accountable and trying to be a force for change.