Statement of Robert Weissman, President, Public Citizen
Note: Today, the Federal Trade Commission (FTC) released the details of its settlement with Facebook.
In light of the company’s extraordinary record of privacy violations and its unparalleled reach across the globe and into users’ minds, elaborate procedural mechanisms that aim to ensure “compliance” are not going to do the trick.
Protecting Facebook users’ privacy requires structural change, substantive policies and impositions of liability to end Facebook’s improper and unprecedented corporate surveillance system.
The FTC settlement fails to deliver on those measures. It enables Facebook to escape genuine accountability for what it has done and leaves it likely that the company will betray its users yet again.
Structural change: Facebook has announced plans for two major shifts that pose massive risks to user privacy. The first is the integration of Facebook Messenger, Instagram and WhatsApp. The second is the launch of its new global, private currency, Libra. In light of Facebook’s atrocious privacy record, the FTC should have demanded it drop these two plans, each of which pose novel and unprecedented threats to consumers’ privacy.
Substantive policies: The bulk of the FTC settlement relies on elaborate processes to ensure Facebook complies with its own privacy policies. Based on Facebook’s record, and the general limitations of corporate “compliance” systems, there is every reason to be skeptical that this will make a difference. But even if Facebook “complies,” it is free to change its privacy policies unilaterally and at any time.
By contrast, the settlement does contain certain substantive requirements to protect user passwords. Other substantive provisions are, by and large, missing.
Commissioner Rohit Chopra explains that Facebook’s reliance on behavioral advertising – targeted advertising based on specific information about individual users’ actions – incentivizes Facebook to violate users’ privacy interests. In light of Facebook’s record of repeated privacy violations, the FTC settlement should have required an end to Facebook’s behavioral advertising system. The company would still be able to sell advertising in targeted ways – but it would not have the incentive to track every users’ click, every indication of their interests, thoughts, fantasies and proclivities.
As a company still led by its founder, who remains its largest shareholder, power at Facebook is concentrated in ways that are categorically different than other large, publicly traded corporations. Getting Facebook’s attention should have required an imposition of personal liability on Mark Zuckerberg – not just to make him liable in the future for improper certifications, but as part of this settlement.