The Federal Trade Commission slapped Facebook with a record-setting $5 billion fine for mishandling user data — and imposed a bunch of restrictions on what it can and cannot do, including:
- Exercising greater oversight over third-party apps
- Prohibiting the use of cell phone numbers obtained for two-factor authentication for advertising
- Providing clear and conspicuous notice of its use of facial recognition technology
Concerns over the growing power and reach of not only Facebook, but also Apple, Amazon, and Google are coming to a head, with the Justice Department announcing that it’s opening an official antitrust review of the world’s biggest tech companies.
This punishment sets a precedent for the kind of penalty that tech giants could expect for mishandling users' data — and is a direct response to the Cambridge Analytica scandal, in which data from over 50 million Facebook users was improperly obtained by a political data-analytics firm.
It is on record that the firm, Cambridge Analytica, then used the data to target American voters in the 2016 US presidential election.
The Regulations and how they affect you
Regulation 1: "Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook's platform policies or fail to justify their need for specific user data."
This is meant to stop third-party companies, which have so far been able to access a massive amount of user data through Facebook without the social-media giant stepping in to stop it.
Regulation 2: "Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising."
The second regulation directly concerns users inputting their personal phone number into Facebook for "two-factor" authentication. This type of security requires users to receive either a text message or a phone call with a unique numerical code before they're allowed to access their Facebook account.
That phone number is being given under the pretense of security, and thus Facebook is being required not to use this data for financial gain (such as advertising).
Regulation 3: "Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users."
The third regulation pertains to Facebook's ability to recognize faces from photos uploaded to the social-media network, and it says Facebook must alert users when facial-recognition software is used.
Regulation 4: "Facebook must establish, implement, and maintain a comprehensive data security program."
The fourth regulation is broad — Facebook is required to "establish, implement, and maintain" an oversight committee.
Regulation 5: "Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext."
The fifth regulation concerns how passwords are stored by Facebook: The company must now keep passwords encrypted. This is a measure of internal and external security, both so Facebook employees can't see user passwords and so hackers can't retrieve passwords stored without encryption.
This is a standard practice for any company operating a service with users who use passwords.
Regulation 6: "Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services."
One major component of Facebook is verifying the identity of its users, and one way to do that is by using a third-party service that has already verified a person's identity. But that's far more banal than Facebook asking for the login information used on third-party services, like Google.
As such, the sixth and final regulation imposed on Facebook specifically says Facebook is not allowed to ask for that login information.