Back in 2011, Facebook settled a case with the Federal Trade Commission and signed a unique agreement in which it pledged to follow several guidelines to protect users’ privacy. It’s very possible that this year’s Cambridge Analytica scandal showed that Facebook violated that agreement and could face “trillions of dollars” in fines. But eight months later, the FTC won’t say what’s happening with its investigation.
On Tuesday, the commissioners from the FTC sat before the Senate Commerce Consumer Protection Subcommittee to discuss the agency’s current priorities. At the top of virtually every senator’s list of concerns was what the FTC is doing to protect consumers’ privacy and hold tech companies accountable. In his opening statement, the Republican subcommittee chair Senator Jerry Moran criticized recent data breaches experienced by Facebook and Google, and he acknowledged that it’s abundantly clear that it’s time to pass a federal consumer data privacy law. He said that he hopes to work with the FTC on crafting that legislation and learning what tools the agency needs to do its job.
If the FTC is, in fact, doing its job and investigating whether Facebook has violated its 2011 consent decree, the agency’s chairman, Joseph Simons wouldn’t say. When Senator Richard Blumenthal asked Simons when the FTC’s investigation will be complete and when results will be presented to the public, Simons would only say, “It’s inappropriate for me to comment on a specific non-public investigation.” That was the standard response to any question about its investigations, including when Senator Edward Markey asked if the FTC is looking into YouTube and Google’s controversial targeting of children with deceptive marketing practices.
There were two major issues that came up again and again during the hearing: the FTC’s claim that it needs more resources and everyone’s acknowledgment that the agency has a poor track record when it comes to enforcement. In his opening statement, Commissioner Rohit Chopra tied the two issues together, saying that too often the FTC is willing to accept a settlement in order to avoid a costly trial. “While big penalties made for good headlines, I question whether they truly deterred lawbreaking,” Chopra said.
This point makes it all the more apparent that the agency has an excellent case on its hands to use as an example that it will follow through on enforcing its threats. Facebook has admitted that it mishandled the data of 87 million users and let it fall into the hands of a political data analytics firm that worked for the Trump presidential election campaign. This is something it was aware of in 2015 but only became public in March. The app developer that sucked up all that data from Facebook asked users for their permission, but it didn’t obtain permission to gather data from users’ friends. That could constitute a violation of the 2011 consent decree, in which Facebook agreed to notify users and gain explicit permission before sharing data with a third-party that falls outside of a users’ privacy settings.
In March, the Washington Post spoke with David Vladeck, the former FTC point-person on the Facebook settlement. Vladeck told the Post that the Cambridge Analytica case “raises serious questions about compliance with the FTC consent decree.” Facebook rejected “any suggestion of a violation of the consent decree,” but Vladeck still said that he fully expected the FTC to launch an investigation. Though Vladeck told the Post that Facebook could be confronted with a fine in “the trillions of dollars,” due to its agreement to pay $40,000 per violation, he doubted that the agency would impose such a heavy hand.
Still, the FTC could do something, anything really. It’s been weird to listen into Facebook investor calls since the scandal broke earlier this year and to never hear any questions about potential fines that could be coming. It’s almost like investors have no faith that the FTC will do its job. I can’t think of a better way for the agency to prove that notion wrong.