- CEO Mark Zuckerberg promises to "get this right" after Facebook was fined a record $5 billion for mishandling users' personal information.
- The settlement requires Facebook to establish a new board committee on privacy, while Zuckerberg will have to report each quarter to the FTC on how the company is taking steps to protect consumer privacy.
- It brings an end to a yearlong probe by the FTC into whether Facebook violated a previous order announced in 2012.
CEO Mark Zuckerberg promised on Wednesday to "get this right" after Facebook was fined a record $5 billion to settle claims that it mishandled users' personal information.
"We have a responsibility to protect people's privacy," Zuckerberg said in a statement posted to his Facebook page. "We already work hard to live up to this responsibility, but now we're going to set a completely new standard for our industry."
As part of the record-breaking settlement with the Federal Trade Commission, Facebook has been ordered to restructure its approach to privacy from the board level down to how it deals with developers. It also establishes new mechanisms to make sure the company is held accountable for any future privacy violations.
Shares of Facebook were down slightly during morning trading, but turned higher in the afternoon.
Zuckerberg said he and other executives will closely examine whether future products, specifically those that use data in new or revised ways, meet its privacy commitments. To further this effort, Zuckerberg said the company has appointed one of its "most experienced product leaders" to a new role of chief privacy officer for products.
"We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work," Zuckerberg said. "And we expect it will take longer to build new products following this process going forward."
"As we build our privacy-focused vision for the future of social networking that I outlined earlier this year, it's critical we get this right," Zuckerberg added.
Zuckerberg addressed the sweeping FTC action at a company-wide event on Wednesday morning.
COO Sheryl Sandberg said the new privacy requirements will result in greater accountability from the company and its executives, as well as developers of third-party apps.
"This is a new chapter for us. Privacy is core to our vision for the future and we're changing the way we operate at every level," Sandberg said in a statement. "The settlement makes sure that we are clear with people about how we use their information and that we protect it. This will help us better serve our community by making sure the work we do is at the standard that people expect of us."
In a separate blog post, Facebook general counsel Colin Stretch said the hefty fine will require a "fundamental shift" in the company's approach to developing products and how privacy is figured into those decisions.
"Going forward, our approach to privacy controls will parallel our approach to financial controls, with a rigorous design process and individual certifications intended to ensure that our controls are working — and that we find and fix them when they are not," Stretch said.
When Facebook uncovers issues with its future products, it will "work swiftly to address them," Stretch added.
In addition to the FTC action, the Securities and Exchange Commission announced Wednesday it reached a settlement with Facebook over claims it insufficiently warned investors about the risk of misuse of user data. As part of the SEC decision, Facebook has agreed to pay a $100 million fine.
"We have heard that words and apologies are not enough and that we need to show action," Stretch said. "By resolving both the SEC and the FTC investigations, we hope to close this chapter and turn our focus and resources toward the future."
Facebook has agreed to establish a new board committee focused on privacy, which will appoint two privacy compliance officers. Zuckerberg will be required to make quarterly and annual reports to the FTC, certifying that the company is following the mandates outlined in the FTC order, among which include stricter oversight over third-party apps and stronger privacy protocols.
Facebook was not required to admit or deny guilt as part of the deal, which is customary in FTC agreements.
The settlement brings an end to the FTC's yearlong probe into whether Facebook violated the terms of a 2012 consent decree, in which it promised to protect consumers' data and be transparent about how it uses such information.
"Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers' choices," FTC Chairman Joe Simons said in a statement. "The magnitude of the $5 billion penalty and sweeping conduct relief are unprecedented in the history of the FTC."
"The relief is designed not only to punish future violations but, more importantly, to change Facebook's entire privacy culture to decrease the likelihood of continued violations," Simons added.
The FTC's settlement was approved by a vote of 3-2, with Democratic appointees Rohit Chopra and Rebecca Kelly Slaughter opposing the decision. The commissioners laid out their concerns in written dissents, noting they would have preferred to held Zuckerberg liable in the complaint.