The Federal Trade Commission is cracking down on big tech giants and imposing stiff fines on Facebook and Google, both accused of violating federal data privacy laws protecting users, including children.
The FTC announced Wednesday a $5 billion penalty against Facebook, the largest ever imposed on a company for violating consumers’ data privacy, and for “deceiving users about their ability to control the privacy of their personal information,” the agency said.
“The relief is designed not only to punish future violations, but more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations,” according to a statement from Joe Simons, the FTC chairman.
The FTC is also expected to levy a multi-million dollar fine against Google, over allegations that YouTube violated federal data privacy laws protecting children, according to a report this week in The Washington Post. Google is the parent company of YouTube. A recent study found that YouTube was the third most popular tool in K-12 educational institutions across the U.S. last year. In the same analysis, Facebook ranked 23rd among the top 40 ed-tech products accessed.
A spokeswoman for the FTC would not comment on the matter, saying no announcement had been made in the case against Google. A spokesperson for Google also declined to comment.
That investigation stemmed from concerns that children streaming YouTube videos had their data improperly collected—a violation of the Children’s Online Privacy Protection Act, or COPPA, which requires commercial websites and apps to get informed parental consent before collecting personal information on children under age 13.
Last year more than 20 consumer advocacy groups filed a complaint with the FTC arguing that YouTube was gathering personal data from children and using it to target advertising. YouTube does not require users of its site to sign in or verify their age to view content.
Groups concerned about data privacy protection for children, like Common Sense, lauded the FTC for enforcing COPPA in the case against Google.
“We urge the FTC to keep up the pressure by imposing fines with real monetary teeth and requiring meaningful structural changes from these platforms,” said James P. Steyer, founder and CEO of Common Sense.
Data Privacy Concerns Continue
In the investigation against Facebook, the FTC alleged that the social media platform repeatedly used deceptive disclosures and settings to undermine users’ privacy preferences. Users’ information was shared with third-party apps without their knowledge, but Facebook took no action despite being aware that these apps were violating the platform’s privacy policies, according to the FTC.
The financial penalty against Facebook also comes with requirements for its operations around data privacy in the future, which the FTC says will boost transparency around data privacy issues. The FTC order establishes an independent privacy committee of the company’s board of directors, the designation of compliance officers, and new external oversights, among other requirements.
However, Steyer, of Common Sense, said the requirements don’t “require real structural changes” of Facebook and “appears to absolve Facebook of any liability over additional abuses like tricking kids into in-app purchases,” he said in a statement. He called for policymakers to continue to work to hold Facebook accountable for lapses in privacy protections.
Jules Polonetsky, the CEO of the Future of Privacy Forum, also raised concerns and called for the FTC to be given civil penalty authority and more funding to conduct more privacy investigations and to increase its ability to hold companies accountable for privacy violations. He noted that the FTC does not have fining authority for privacy violations unless they relate to specific statutes like COPPA.