Under such a settlement, Facebook would have to complete a more rigorous privacy review of new products and services before launching them, the person said. The company would have to document its decisions, and its efforts to anticipate potential privacy pitfalls, which would help the FTC assess if the social-networking giant fully weighed the effects of its data-collection practices on users, the person said.
Facebook also would take a more active role in policing third-party app developers by reviewing their offerings and ensuring that they comply with Facebook’s own rules, the person said.
Every quarter, Facebook’s decision-makers, including chief executive Mark Zuckerberg, would assess the company’s privacy safeguards and sign off on them, according to two people familiar with the talks who also spoke on the condition of anonymity. Their regular reports would be submitted to a committee of independent members of Facebook’s board of directors, which would take on a more expansive role ensuring the tech giant properly handled users’ data. The Washington Post first reported last week that the FTC was interested in greater board oversight on Zuckerberg, who also serves as board chairman.
The settlement could also require Facebook to undergo more rigorous, regular checkups by an independent, third-party watchdog that must be approved by the FTC, according to the first person. If the company suffered future privacy mishaps, Facebook would have to report them more swiftly to the agency, much as the tech industry already must do under tough privacy laws implemented in Europe last year, the person said.
Taken together, the heightened federal oversight would amount to a major rethinking of Facebook’s approach to privacy, offering the FTC new teeth into the tech giant’s business decisions.
Facebook announced last week it had set aside $3 billion in anticipation of a record-breaking fine as a result of the FTC probe. Violations of any new settlement the company reaches with the agency would result in even harsher punishments in the future.
Facebook and the FTC declined to comment for this report.
In comments to The Post earlier this week, Zuckerberg hinted at the FTC’s probable impact on Facebook’s future, saying he thought news stories focusing on the unprecedented size of the expected fine missed the significance of the settlement.
“Most of the coverage that I’ve seen focuses on a dollar amount and, you’ll do your own reporting on the precedents around that and how meaningful that is,” he told The Post. “I actually think the much bigger deal is basically the things that we would need to do inside and how we would need to change how we operate."
Any settlement between Facebook and the FTC still could change dramatically. Negotiations are continuing, and the final say belongs to the FTC’s five commissioners, three Republicans and two Democrats. If the agency lacks at least three votes — or talks break down between Facebook and the FTC — the result could force the two sides to battle in court.
Such an outcome could prove bruising to both sides, experts said. The FTC isn’t guaranteed to prevail before a judge and obtain billions of dollars and fines and other changes to Facebook’s business practices that it seeks. And Facebook would have to contend with the prospect of a drawn-out, highly publicized review of its entire enterprise, one that could force Zuckerberg and his fellow executives to appear on the stand.
The FTC began investigating Facebook in March 2018 in response to revelations about the tech giant’s entanglement with Cambridge Analytica. The political consultancy improperly accessed personal data of 87 million Facebook users through the use of a quiz app as part of an effort to better target political messages at voters. But the scope of the FTC’s probe quickly expanded, following a slew of additional revelations last year about the company’s data-sharing relationships with other app developers, device makers and popular websites.
As the top privacy and security watchdog in Washington, the FTC sought to determine if Facebook's conduct violated a legally binding commitment it made to the government in 2011 to better safeguard users' data. Facebook and the FTC brokered that consent decree at the time to settle an earlier investigation into the tech giant's privacy practices. The order required Facebook to be more upfront with users about the data it collects, and what it does with it, while submitting to 20 years of regular privacy checkups by a third-party watchdog.
Appearing Thursday at a privacy conference in Washington, FTC Chairman Joe Simons declined to discuss the order and investigation. Broadly, though, he signaled the agency intends to rethink the way it penalizes companies for their privacy mishaps — seeking to send a message that it takes violations seriously.
Simons pointed to recent FTC settlements that, in addition to steep fines, require companies to submit to more oversight of their executives and their business decisions — some of the very remedies the agency is now considering with Facebook.
“I would expect you would see more records being established coming down the road,” he said.
Elizabeth Dwoskin in San Francisco contributed to this report.