The Federal Trade Commission said it would levy a “record-setting” fine against Facebook for the company’s many privacy sins. But, it turns out, the fine won’t likely harm Facebook very much or for very long. It’ll be more like a wrist slap–a loud sound but not much of a real sting.
The company and the agency are still in negotiations over the amount and terms of the FTC fine. But Facebook said in its Q1 earnings report that it’s taking a $3 billion loss in preparation for paying the penalty, which it expects will be between $3 billion and $5 billion. When the markets got wind of this, the company’s stock surged 4.6% in after-hours trading, and is trading up almost 8% hours after the earnings announcement.
An FTC fine of $5 billion would be a landmark penalty for a U.S. tech company: The agency’s biggest fine, against Google in 2012, was $22 million. But investors know that Facebook’s projected fine, even at the high end, isn’t much in the context of the company’s explosive advertising business. It would represent less than 9% of the company’s 2018 revenue of nearly $56 billion.
Facebook reported Thursday that that figure grew 37.35% compared to 2017’s numbers, and that it had brought in $15 billion in revenue in the first quarter of 2019, a 26% year-over-year growth. There are few reasons to expect the party won’t continue. Facebook and Google hold the best data for targeting ads at consumers, and dominate the digital advertising industry. Smaller advertising platforms can’t aggregate the breadth and depth of social and demographic data that the two giants possess, so the duopoly persists and grows.
There’s also the question of what issues the fine will settle.
The FTC has sought to penalize Facebook for a number of privacy abuses dating back to the company’s early days. Facebook made an agreement (a “consent decree”) with the FTC in 2011 that placed it on a 20-year “probation” and required it to tell consumers when their personal data would be used for advertising or by third parties. Most experts say Facebook broke that promise when it shared the personal data of millions of users with the Trump-connected political data science firm Cambridge Analytica.
The Cambridge Analytica affair turned out to be just the first in a string of privacy scandals involving Facebook. A bombshell New York Times report in November portrayed a company that cared far more about adding users, amassing their data, and more profitably monetizing that data, than respecting the privacy of its customers.
Facebook allowed its users to be subjected to a massive, coordinated Russian campaign to swing the 2016 U.S. presidential race toward Donald Trump by firing up right-wing voters and–most insidiously–attempting to persuade likely Hillary Clinton voters to stay home on Election Day.
More recently security researchers discovered that Facebook had asked users for their email account passwords as part of a security procedure, and then accessed and stored the email address books of up to 1.5 million of those users.
Ashkan Soltani, an Obama-era FTC chief technology officer, wrote on Twitter that Facebook may be buying a blanket absolution with its fine.
1) the settlement will likely include *all* past consent-decree violations
2) its unlikely FTC will re-open an investigation if they're in the middle of negotiations…
$3-5B will be a win for FB as it'll clear them from the more recent violations too (unencrypted passwd etc)
— ashkan soltani (@ashk4n) April 24, 2019
There’s no way of saying for sure, of course, until the FTC makes a formal announcement of the fine and the terms later this year.
More than any other company, Facebook has pushed the issue of personal data privacy to the attention of lawmakers in Washington, who are now circulating bills establishing stricter rules around how U.S. companies protect user data. Some of the bills being circulated give additional powers to the FTC to create additional rules and carry out enforcement actions. But Facebook and other tech giants have also been lobbying for federal regulations that would nullify more stringent state-level protections, such as those encoded in California’s landmark privacy law, which is set to go into effect in 2020.