The Federal Trade Commission and Facebook are hammering out the terms of a multi-billion-dollar fine, and it could have implications for the rest of Big Tech, with the expected terms already drawing fire from politicians.
Facebook (FB) - Get Report first disclosed the fine in its recent earnings report, which showed $3 billion being set aside in the quarter to cover what it said could be as much as a $5-billion or more penalty, which stems from Cambridge Analytica-related privacy violations. The FTC is alleging that Facebook violated a 2011 settlement with the agency, which mandated that Facebook overhaul its privacy practices to better protect users.
On Monday, two U.S. Senators on the Senate Judiciary Committee submitted a letter to the FTC saying the expected billion-dollar fine would be "a bargain" for Facebook and insufficient for holding the company accountable to users.
"We are deeply concerned that one-time penalties of any size every few years are woefully inadequate to effectively restrain Facebook," wrote Senators Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.). "The FTC should impose long-term limits on Facebook's collection and use of personal information."
Facebook shares were down 0.9% to $192.20 in early trading on Tuesday and are up roughly 44% year to date.
The exact size of the fine is under negotiation, but the talks are expected to conclude within days, according to The New York Times. The paper reported that one of the sticking points in the talks is to what extent Facebook CEO Mark Zuckerberg should be held personally liable for the infractions. Zuckerberg, who serves both as CEO and chairman of the board at Facebook, also controls the majority of voting shares in the company.
The multi-billion-dollar fine would be among the largest ever imposed by the FTC, and the largest ever levied against a major tech firm. In 2012, the agency slapped a $22.5 million on Google for allegedly tricking Apple (AAPL) - Get Report Safari users into letting Google track their web activity. More recently, the agency fined the app Musical.ly, now known as TikTok, $5.7 million for failing to obtain proper parental consent in collecting the personal information of minors. It fined Verizon's (VZ) - Get Report Oath $5 million for a similar offense late last year.
Andrew Burt, chief privacy officer at Immuta and a former policy adviser to the FBI, explained that the FTC has become the "de facto" privacy regulator in the absence of a national privacy law.
"Not that many other regulators can clamp down on the types of security and privacy violations that have become all too common. The FTC is filling that space," he said.
While more oversight powers aren't falling on the FTC per se, with data breaches and other infractions on the rise in recent years, the agency has become one of the central enforcement mechanisms in an evolving landscape of U.S. privacy laws. A few states, such as California, have enacted their own laws around guarding consumers' data, but a variety of stakeholders, including major tech companies like Amazon (AMZN) - Get Report and Alphabet (GOOGL) - Get Report , are lobbying for a national standard.
The outcome of the FTC's negotiations with Facebook may be viewed as a litmus test for how far regulatory bodies can go in enforcing privacy standards.
"What's certain is that all tech giants -- and the software industry as a whole -- are going to come under increasing regulatory scrutiny. As the privacy and security implications of our reliance on digital technologies become clear, protecting our data will be one of the few issues that both the left and the right agree on," Burt added.