14 August 2019
Recently, the Federal Trade Commission (FTC) announced a record-breaking $5 billion penalty against Facebook for a series of data privacy violations culminating in last year's Cambridge Analytica scandal. The fine is far larger than any that has ever been imposed globally for data privacy or cyber security violations, and one of the largest penalties that has ever been assessed by the U.S. government for any type of violation. The settlement requires Facebook to put into place a series of controls designed to enhance privacy protections in addition to paying the fine. On the same day as the FTC settlement was announced, the SEC also announced penalties against Facebook for making misleading disclosures regarding the risk of misuse of user data. The FTC order came just days after the FTC announced a settlement with Equifax in which the consumer credit reporting agency agreed to pay up to $700 million to consumers and state and federal authorities for its 2017 data breach. These enforcement actions are indicative of the increased scrutiny by U.S. regulators on data privacy, and may well be a harbinger of more frequent aggressive actions to come.