Facebook has come to an agreement with the United States Federal Trade Commission (FTC) to pay a $5bn fine in order to end an investigation into possible consumer privacy violations.
The social media network has also agreed to implement a new privacy structure in order to avoid future violations. This will involve the creation of a board committee on privacy, which will be tasked with providing regular assurance that the user data it holds is being used appropriately.
The FTC investigation was launched in the wake of incidents such as the Cambridge Analytica scandal, which saw the data of millions of Facebook users harvested by a third-party without permission and used to profile and target voters ahead of political votes.
The $5bn fine is the largest that the FTC has ever set in a data security case, but how does it compare to Facebook’s finances and what impact is it likely to have?
How does Facebook’s $5bn fine compare to past FTC settlements?
Facebook is the first company ordered to pay a seven-figure sum by the FTC for a data breach, topping the previous record by more than 600%.
This is the second time in a week that the FTC has imposed a record data breach fine, following the $575m to $700m settlement agreed by Equifax on Monday as a result of the 2017 breach that compromised data belonging to 147 million of its banking customers.
Prior to this, the largest fine issued was in a case involving ride-hailing app Uber for $148m. The startup had attempted to cover up a 2016 cyberattack that compromised data belonging to 57 million of its drivers and customers by paying the attack to keep quiet.
Prior to this, the record data breach fine stood at $18.5m, agreed with Target in May 2017, despite data belonging to some 70 million of its customers having been exposed.
This just beat the previous record, set by infidelity dating platform Ashley Madison. The site was handed a $17.5m fine in December 2016 following the leak of data belonging to its 46 million users.
Source: various. Chart created with: Datawrapper.
What impact will the FTC fine have on Facebook’s finances?
Compared to past settlements agreed with the FTC over data breaches, $5bn is significantly more than anything we’ve seen previously.
According to FTC chairman Joe Simons, it is hoped that the magnitude of the fine will “change Facebook’s entire privacy culture to decrease the likelihood of continued violations”.
However, in reality, Facebook will probably be quite happy to absorb what equates to approximately one quarter’s profits.
“The settlement mentions quarterly assessments. It also mentions an independent assessor. All is great, but not good enough in my opinion,” Fouad Khalil, VP Compliance at SecurityScorecard, told Verdict: “You still wonder how seriously Facebook will take the privacy of their consumers? The fine is less than last quarter’s revenue, so the financial impact is minimal.”
The social media giant already set aside $3bn of its net income in the first quarter of 2019, assuming that it would be hit with a record-breaking fine. Even if it had anticipated the full $5bn it must pay, it still would have recorded $430m in profit for the first three months of the year.
With $45.2bn in cash and securities on hand, according to its latest balance sheet, for unexpected expenses like this, the fine will have little financial impact on the social media giant. Source: Facebook. Chart created with: Datawrapper.
How much will Facebook pay per user impacted?
Some 305,000 are believed to have installed the quiz app that was used to gather person information that was later used to profile and target voters during major political campaigns. However, the breach is believed to have affected up to 87 million Facebook users by recording the public data available through users’ friends networks.
The data stolen in the Equifax breach included addresses, Social Security and credit card numbers, while Facebook did not expose information beyond what users had published on their Facebook profiles. Yet, Facebook’s $5bn fine equates to just under $60 per user. That is significantly higher than the cost-per-user of the $700m fine handed to Equifax earlier in the week, which equates to $5 per hacked customer at most.
With the FTC wanting to show enterprises the importance of protecting user data in the wake of a number of large-scale breaches, the fines issued to Facebook and Equifax may set a precedent for future cases.
Prior to this month, the largest fine awarded equated to just $2.60 per user — the Facebook fine is a 2,100% increase on that.
Source: various. Chart created with: Datawrapper.
How has Facebook’s stock price responded to the FTC fine?
On the day after the New York Times and The Guardian first reported on Facebook’s role in the Cambridge Analytica scandal, the social media company’s stock value was down by 7% by closing, equal to approximately $36bn.
By late March, Facebook had seen $100bn wiped off its value since it had peaked above $190 in February.
Despite further losses throughout 2018, which saw Facebook shares fall to a two-year low below $130, the social media giant is now back trading at above a pre-Cambridge Analytica price.
That remains unchanged following the FTC settlement. Facebook stock started the day at $178 yesterday and reached a low of just $177 before closing at $180.60.
Facebook stock has since climbed towards $190 following the publication of its latest earnings, which saw revenue climb by 28% year-on-year to $16.9bn.
According to Dr Ben Marder, Senior Lecturer in Marketing at University of Edinburgh Business School, these results show that, despite the scrutiny from regulators, both users and investors continue to support the platform:
“Though the social media platform continues to draw fire, hate and visceral comments from governments and activists over privacy and antitrust issues, Q2 earnings show investors and more importantly users have faith in this giant’s ability.”