
FTC Imposes $5B Penalty and Sweeping New Privacy Restrictions on Facebook - vonmoltke
https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions
======
jawns
A lot of the terms of the settlement deal with organizational changes, but
when you look at the very specific privacy restrictions that Facebook agreed
to, it's really, really problematic stuff:

* Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising;

* Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;

* Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.

This might, at first blush, seem like a win for users, but consider it from a
different perspective.

When a settlement involves promising not to do a bunch of really, really bad
stuff, that typically means the settlement doesn't have much bite. It's
comparatively easy for a company to agree not to do egregiously bad things,
and comparatively harder for it to agree not to do things that are still
problematic, but less egregious.

These things that Facebook has agreed to not do are way outside the boundaries
of ethical privacy practices -- but there's still a ton of gray area that
remains unaddressed.

So from Facebook's perspective, this is probably a big win. The settlement
allows the company to give the appearance of taking concrete steps to respect
users' privacy. But what it might actually mean is that there were many other
less egregious privacy violations that it was able to slip past the FTC's
judgment.

~~~
indiandragon
> prohibited from using telephone numbers obtained to enable a security
> feature (e.g., two-factor authentication) for advertising

Facebook is not alone in misuse or wrongful use of phone number given for 2FA.
LinkedIn explicitly requires phone number to be added on the profile to enable
2FA and makes the phone number visible by default to all the contacts, if you
don't want your phone number visible; you'll have to loose 2FA as LinkedIn
doesn't support authenticator or other alternate 2FA means(FB does).

I came to know this as after I enabled 2FA on LinkedIn, I started receiving
messages from random people on WhatsApp whom I later found to be my LinkedIn
contacts.

~~~
elliekelly
Yesterday I went to set up 2FA for MongoDB and entered my phone number in the
form but then realized I could use Authy so I never hit save/submit. I’ve
already gotten two text messages from them even though my account shows my
phone number as “Not Set.”

It really made me wonder what other shady stuff they might be doing with my
and my customer’s data.

~~~
jkestner
What's the /dev/null of phone numbers?

~~~
magashna
Occasionally I'll send the most relentless phishermen the number of a local
FBI office

------
zxcvbn4038
Does it bother anyone else that Facebook is being fined $5 billion while
Equifax, a company with a history of anti-consumer activity and privacy
violations going back decades, the company that congress was forced to enact
the Fair Credit Reporting Act to contain, and who gave away all the personal
information for over a hundred million people through its own negligence, was
fined a mere $650 million? Do you get the idea that this is less about
consumers and more about Zuck blowing off Congress?

~~~
pyython
Came here to say this! I still can't believe credit bureaus are allowed to
even exist. At no time do I give them explicit permission to collect my (very)
personal information, there's almost literally no way I can opt out (short of
not participating in the modern financial system), their interpretation of
this data has an outsized influence on my quality of life, AND they have
proven themselves incompetent at protecting this data!

If I'm worried about Facebook's use of my data the answer is simple: stop
using Facebook.

~~~
gridlockd
You _did_ give them explicit permission by participating in the modern
financial system.

That's why I keep saying all the hypothetical privacy concerns with Facebook's
Libra already are reality with the current financial system. Equifax also
didn't get fined because of _what_ they were doing, but because they were
negligent in handling the data.

Having said that, given the importance of consumer debt in the US economy,
credit bureaus are indispensable. They aren't going away any time soon.

~~~
pyython
> You did give them explicit permission by participating in the modern
> financial system.

This at best would qualify as _implicit_ consent. Which is very different and
not sufficient. There should _at the very least_ be a big button you have to
press for every agreement you enter into that shares data with credit bureaus
that clearly states that you: 1) consent to sharing all of your transaction
data with credit bureaus 2) are aware of the various ways the credit bureaus
might use your information 3) are aware of the potential consequences in
practical terms of how this usage might impact your life 4) are informed about
the way the data is stored/who has access to it/what your rights are
surrounding it

I would also like to see GDPR-style "right to be forgotten" laws that apply to
this data.

~~~
pyython
Coincidentally, since you brought up Libra: I actually think one of the
biggest bull cases for crypto in general (not necessarily Libra) is solving
this exact problem. You have an immutable record of all of your transactions
that is not explicitly tied to your identity (just a public key). The role of
a credit bureau when you apply for credit then would be to ask you to prove
ownership of (one or many) public key(s) that they can then run algorithms
over to assess your creditworthiness. They don't have to custodian the data at
any point. They can be compelled to forget that you are the owner of a
particular public key. The end user has full control over how their data is
used. And creditors are still able to assess creditworthiness. Win-win-win-
win.

------
thesausageking
The head of the FTC voted against it and gave his reasoning here:

[https://twitter.com/chopraftc/status/1154010756079390720](https://twitter.com/chopraftc/status/1154010756079390720)

One that stood out for me is complete immunity for for the execs for "known"
and "unknown" violations:

"Mark Zuckerberg, Sheryl Sandberg, and other executives get blanket immunity
for their role in the violations. This is wrong and sets a terrible precedent.
The law doesn’t give them a special exemption. The settlement fine print gives
Facebook broad immunity for “known” and “unknown” violations. What’s covered
by these immunity deals? Facebook knows, but the public is kept in the dark."

~~~
tareqak
Rohit Chopra is not the head of the FTC: he's one of the five FTC
commissioners [0].

[0]
[https://en.wikipedia.org/wiki/Federal_Trade_Commission#Curre...](https://en.wikipedia.org/wiki/Federal_Trade_Commission#Current_membership)

~~~
thesausageking
You're right. Thanks. I misunderstood what "Commissioner" meant.

------
watwatinthewat
I don't think I agree with Facebook getting a bigger fine than Equifax. I put
my own information on FB. Equifax compiled information on me without my
explicit consent. Both sets of data got into hands they shouldn't.

I realize that misses FB willfully doing what they did and Equifax not
intending to be hacked, but for me my consent is equal or more important than
what the holders of the data did after they had it.

Let's say I send a saucy picture to a friend and s/he shoots it all around to
show off his/her banging bodied boyfriend (that being the "profit" factor).
Now let's say a stranger finds my lost phone, gets the picture off the SD card
with intent to use it for some personal gain, and through some series of
events that gets leaked. Who did worse, the friend sharing the data I gave to
them, or the stranger who got it without permission? Missing from this is
Equifax had a lot more sensitive information than I put on FB.

~~~
Voloskaya
> I don't think I agree with Facebook getting a bigger fone than Equifax.

The issue is Equifax not being fined adequately. Let's maybe not use that as
the bar?

~~~
repolfx
Are you assuming here that Equifax could absorb any size of fine?

Also, you seem to be OK with the idea that any company that gets hacked could
be fined $5 billion. As being unhackable is an unachievable standard, that
effectively means the FTC could bankrupt almost any company on a whim. That
would be huge power in their hands _and_ would not magically stop exploits
from happening.

I think there's a big question about whether Equifax should have been fined at
all. It would appear to either require mass inconsistency by regulators, or
would put most US companies that rely on IT out of business.

~~~
Voloskaya
I think you have a tendency of assuming a little bit too much about what
others think based on 1 sentence.

> Are you assuming here that Equifax could absorb any size of fine?

Who said any size of fine would be appropriate? There is a lot of possible
fine size between 500M$ and the max they could absorb.

> Also, you seem to be OK with the idea that any company that gets hacked
> could be fined $5 billion

Where did I say that? I am OK with facebook getting fined 5B$ in this context,
that doesn't tell you anything about other hacks and other companies. I am
also a little bit reluctant to call facebook's case a "hack".

> I think there's a big question about whether Equifax should have been fined
> at all. It would appear to either require mass inconsistency by regulators,
> or would put most US companies that rely on IT out of business.

You should maybe think outside of the tech bubble for one second? What you
find apparently unthinkable is already in place in many other industries. Do
you think there will be no repercussion for Boeing's crashes if it was caused
by their carelessness? What do you think happen if an engineering company
builds a bridge and it collapses because of a design mistake? Yet mistakes are
human right?

Private data is something that should be protected. It is not as important as
human lives, but it is very important. If you build a business around handling
user's private data, but can't be bothered to properly protect them, then yes
you should get fined heavily or even put out of business.

And just like in engineering there should be investigations into what happened
to determine how much of it was pure carelessness and how much could not have
been realistically prevented. In the case of Equifax, they didn't even bother
applying security patches to their external facing software.

~~~
repolfx
The airline industry is heavily regulated and the software industry isn't.
Will Boeing be punished if they're found to have made a mistake - politically
it's an absolute certainty, legally I presume it'd depend on whether there was
an element of knowing to it, or whether all parties genuinely believed they
were doing the best thing for safety.

But despite how tempting it is to punish people who make mistakes, it's
generally understood that incompetence is not illegal and _should not be_.
Criminalising incompetence just makes everyone a criminal and hands absolute
power to prosecutors and regulators: a scenario warned against many times by
students of history.

------
InTheArena
"Facebook CEO Mark Zuckerberg and designated compliance officers must
independently submit to the FTC quarterly certifications that the company is
in compliance with the privacy program mandated by the order, as well as an
annual certification that the company is in overall compliance with the order.
Any false certification will subject them to individual civil and criminal
penalties."

This is actually the big thing here. Any disclosure or breaking of the data
makes Mark Zuckerberg personally liable.

We'll see if that gets Facebook's attention at all.

------
rad_gruchalski
Someone I work with found this:

The interesting part is in the write up from The Verge
([https://www.theverge.com/2019/7/24/20707013/ftc-facebook-
set...](https://www.theverge.com/2019/7/24/20707013/ftc-facebook-settlement-
data-cambridge-analytica-penalty-privacy-punishment-5-billion)):

> "The settlement’s $5 billion penalty makes for a good headline," FTC
> commissioner Rohit Chopra wrote in his dissent. "But the terms and
> conditions, including blanket immunity for Facebook executives and no real
> restraints on Facebook’s business model, do not fix the core problems that
> led to these violations."

$5 billion of cost with shareholders' money. Not bad.

~~~
almost_usual
Did you read the entire FTC write up? Facebook essentially doesn't have
control over how they handle privacy data anymore. I'd argue the fine is the
least damaging aspect.

"As part of Facebook’s order-mandated privacy program, which covers WhatsApp
and Instagram, Facebook must conduct a privacy review of every new or modified
product, service, or practice before it is implemented, and document its
decisions about user privacy. The designated compliance officers must generate
a quarterly privacy review report, which they must share with the CEO and the
independent assessor, as well as with the FTC upon request by the agency."

~~~
FireBeyond
Reports. Not approval.

Facebook has to _document_ what they're doing in the privacy world. They have
to prepare a report of what they did, and be willing to share it, and accept
the consequences (which they already effectively do, just more opaquely).

At no point does the compliance officer have to _approve_ "how they handle
privacy data any more", nor the independent assessor, nor the FTC.

They still have complete control over how they choose to behave and steer.
They just have to report on it.

------
goodmachine
People here missing the big win for Facebook, which is retrospective:

The FTC settlement indemnifies Facebook for "any and all claims prior to June
12, 2019"

[https://twitter.com/ashk4n/status/1154027557055975424](https://twitter.com/ashk4n/status/1154027557055975424)

~~~
rikroots
Is this true only in the US? Or can Facebook argue that the settlement with
the FTC effectively indemnifies them across other jurisdictions? I remember
there being something about courts in different countries respecting each
other's rulings, but not sure how such an argument would play in (for example)
the EU.

~~~
slim
it's true only in us

~~~
mirimir
But then GDPR is effective only in the EU.

At some point, wouldn't it be simpler to have the same policies globally? Or
is that too simpleminded?

~~~
jacquesm
Pity to see this downvoted. That's called 'harmonization'. It is one of the
bits that makes copyright law such a powerful law because the Berne convention
synchronized a whole pile of stuff in a very large chunk of the world. Similar
activity tends to occur in neighboring countries with respect to tax law to
avoid capital flight.

~~~
mirimir
I was thinking more of the arguably disproportionate impact that California
auto-emission limits have had in the overall US market. As I understand it, it
would cost too much to produce multiple state-specific versions. So the high-
population state with the lowest limits effectively sets the US standard.

But maybe that doesn't apply as much to online stuff. Because marginal cost
isn't so sensitive to volume.

------
swebs
>Facebook must exercise greater oversight over third-party apps, including by
terminating app developers that fail to certify that they are in compliance
with Facebook’s platform policies or fail to justify their need for specific
user data;

>Facebook is prohibited from using telephone numbers obtained to enable a
security feature (e.g., two-factor authentication) for advertising;

>Facebook must provide clear and conspicuous notice of its use of facial
recognition technology, and obtain affirmative express user consent prior to
any use that materially exceeds its prior disclosures to users;

>Facebook must establish, implement, and maintain a comprehensive data
security program;

>Facebook must encrypt user passwords and regularly scan to detect whether any
passwords are stored in plaintext; and

>Facebook is prohibited from asking for email passwords to other services when
consumers sign up for its services.

This is great! What do we need to do to get this to apply to other data
harvesting companies like Google and Microsoft?

~~~
nybble41
>Facebook must encrypt user passwords and regularly scan to detect whether any
passwords are stored in plaintext; and

Why are they storing passwords at all? It's not necessary for authentication.
They should only be storing a hash, or better yet a public key derived from
the password on the client.

~~~
constGard
It came to light that they were storing passwords in plaintext in an
application log. In theory they only store hashes in places where they
actually intend to store passwords.

------
superkuh
And now that those regulations are in place generally Facebook is locked in at
the top. And all it took was a $5 billion dollar single payment. The three
gears locked together unable to turn iconography they use in the article
represents this well.

~~~
naner
I had a similar question: can't these regulations be generalized? Or are we
going to have these same problems in 10 years with a company other than
Facebook?

------
annadane
I still find Facebook has one of the most toxic cultures of any company out
there. All they've ever done during their history is betray user trust, but
it's ok as long as they keep 'apologizing' and then doing nothing to fix it

~~~
nappy-doo
Did you work there? I worked there for 2 years (it was a mistake), and found
that the culture wasn't toxic, just obtuse. They never questioned what they
did, or thought about the implications. They focused on "move fast," without
really thinking through implications of things.

~~~
rainyMammoth
Working somewhere and seeing a place from the inside has nothing to do with
the fact that the company is toxic or not.

I think we all agree that Facebook takes really good care of their employees
and keep them happy, whatever it takes. That doesn't prevent the company to
produce a product that is toxic to humanity. It is of course difficult to see
that when you are extremely well paid and your salary depends on you producing
that product.

------
abecedarius
Former Chief Security Officer of Facebook on how the FTC judgment is fantastic
for Facebook and terrible for users (as @zooko summarized it):
[https://twitter.com/alexstamos/status/1154025820890865664](https://twitter.com/alexstamos/status/1154025820890865664)

~~~
rainyMammoth
I cannot stand Alex Stamos takes on all of this.

He WAS the CISO for Facebook during all the biggest scandals. He WAS the
person responsible for overseeing all of this.

He decided conveniently to exit Facebook once the bad press came over and now
he is trying to play the "expert card" on everything related to security and
democracy. It's really a shame that we don't keep him more accountable.

------
soulofmischief
Can anyone with a firmer understanding of the issue tell me if this is an
appropriate penalty or not?

Should we expect to see some of these prohibitions generalized to more
companies?

* Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising

* Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext

* Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services

~~~
SilasX
>Facebook is prohibited from using telephone numbers obtained to enable a
security feature (e.g., two-factor authentication) for advertising

Yeah, I'm honestly surprised that one wasn't already illegal.

~~~
jddj
An appropriate excerpt from Matt Levine's column (the gist is that relying on
the FTC, rather than Congress, is backwards):

" _Americans are biased toward thinking of bad things as being already
illegal, always illegal, illegal by definition and by nature and in
themselves. If the thing that Facebook did was so bad, then it must have been
illegal, so there is no need for a new law against it. At most we need a
settlement with Facebook clarifying exactly which things it did were illegal
and specifying that it won’t do them again._ "

Before Mark Zuckerberg (and possibly now Google), we didn't really have anyone
abusing personal data to such an extent that what they are doing is clearly,
to the average person, wrong. Dumping toxic waste into waterways/letting it
reach the groundwater is probably a similar example.

Every now and again an individual, company or industry comes along who is
callous enough to make money off the things that surely must be illegal before
and until they actually are.

------
linuxdude314
If there isn't escalation in price for violations past this in the future,
this may just be the new price to play ball.

~~~
vikramkr
This is not a sustainable amount to be fined. I think they made a net income
around 20 billion last year, this a quarter of that. A couple more of these
fines and that's a really dangerous situation - companies at Facebook's stage
are valued on multiples of earnings with growth, not revenues, and 75 to 50
percent reduction in earnings wiped a lot of shareholder value off the table,
meaning the shareholders (basically just zuck) would need to think twice
before committing these violations again.

~~~
throwaway2048
Except it didn't whipe a lot of shareholder value off the table, the stock
rose by 5% after fines were announced. Zuck himself made a cool billion off
the bump.

~~~
vikramkr
News like this is already priced in and the market reaction is an irrational
mix of random expectations. Some would have thought it would be more, some
will think that this the end of Facebook's regulatory troubles, some will
think that people overreacted over the last few days and are buying now that
the uncertainty of the fine is gone and we know how the settlement stands. If
this was a surprise 5 billion, then the stock would have dropped by way more
than the 25% you might expect because of panic. You also have the growth
story.

A good way to put it is that the stock price would not have changed by more
than a few percent today anyway, but in a world with no fine the starting
price would have been higher. And in a world where we see more and more 5
billion dollar fines, they'll be less and less shrugged off as one offs even
without increasing penalties.

------
rainyMammoth
It's sad that their stocks are still up after the announcement.

It is also sad that Facebook is still seen as a somewhat prestigious employer.
Some of my friends still brag about working there as if it was the pinnacle of
their tech career.

------
Waterluvian
What is the practical process in which $5B is handed over? Is it done over a
timespan? Does it get tied up in courts for years and years?

~~~
andylynch
Serious answer: the court has ordered them to wire transfer it within seven
days- it’s currently in escrow with their lawyers. Probably FedWire.

------
nrclark
Where does this $5B go, exactly? Into the general fund? If it goes into the
FTC's budget, then something is very wrong. This money came from our
citizenry, and should be restored to us through something meaningful.

~~~
jddj
To the US treasury, for general use.

Most (all?) federal fines are this way, although if they specified that some
of the total were to be used for direct compensation to victims, then that
could be included in the total as reported by the media but obviously wouldn't
be spendable by Congress.

I can't point to a case where that's ever happened, though, so the answer in
practice is "the US treasury".

------
mirimir
OK, I have a probably dumb question. In TFA, I see:

> Following a yearlong investigation by the FTC, the Department of Justice
> will file a complaint[0] on behalf of the Commission alleging that Facebook
> repeatedly used deceptive disclosures and settings to undermine users’
> privacy preferences in violation of its 2012 FTC order. These tactics
> allowed the company to share users’ personal information with third-party
> apps that were downloaded by the user’s Facebook “friends.” The FTC alleges
> that many users were unaware that Facebook was sharing such information, and
> therefore did not take the steps needed to opt-out of sharing.

So does this settlement correspond to that complaint? I'm guessing that it
must. But then, that means that the FTC negotiated the settlement with
Facebook based on an unfiled complaint. That rather implies that Facebook had
some influence over the complaint.

I guess that's not very different from plea bargaining in criminal cases,
however.

0)
[https://www.ftc.gov/system/files/documents/cases/182_3109_fa...](https://www.ftc.gov/system/files/documents/cases/182_3109_facebook_complaint_filed_7-24-19.pdf)

------
Hamuko
Is the "poor, greedy EU is trying to make money by taxing American tech giants
via fines for nothing" narrative still alive and well?

~~~
geodel
I think it is and it should be fine. Unless of course there is memo that EU
should be able to fine whenever they deem fit but people must not allowed to
criticize EU behavior when they find it egregious.

------
jshowa3
This isn't going to do anything. It's similar to an SEC fine. All it's going
to be is a legal write off for the company. What really needs to happen is
companies need to be broken up or violating privacy without consent needs a
criminal penalty. Strict. But I don't see how monetary fines damage companies
this large anymore...

------
samfriedman
And here is the DOJ complaint:
[https://www.ftc.gov/system/files/documents/cases/182_3109_fa...](https://www.ftc.gov/system/files/documents/cases/182_3109_facebook_complaint_filed_7-24-19.pdf)

------
singron
I decided to change the email address I have registered with facebook after
reading this ruling and seeing the long list of advertisers who uploaded
customer lists with my email address. However, facebook blocks me from
updating my email address and instead displays messages like "Sorry, this
feature isn't available right now"[0].

Has this happened to anyone else? Is there anything I can do besides creating
a new account with the right email address?

0: [https://i.imgur.com/4WEBAXD.png](https://i.imgur.com/4WEBAXD.png)

------
Havoc
Surprised how little coverage this is getting here. Maybe the FTC should have
added another zero to raise some pulses among the tech crew

------
mikestaub
I think an important detail is that as part of the settlement Facebook is
exonerated from all past 'mistakes'. This is actually really good for Facebook
and was the wrong move by the FTC. This will encourage future privacy abuses
as now they know they can 'get away' with it.

------
Santosh83
“This settlement’s historic penalty and compliance terms will benefit American
consumers, and the Department expects Facebook to treat its privacy
obligations with the utmost seriousness.”

So does this in theory apply just to the data of FB users who are American
citizens (although I guess practically it may not be feasible for FB to treat
non-American user data differently)?

------
robomartin
The most important privacy enhancement they could make is nowhere to be found
in this settlement:

Provide easy means for users to permanently delete all information, posts,
comments and messages, as well as a setting to automatically expire and delete
all if the above as desired. This should include backups.

~~~
msla
This is useless because of external backups, and not desirable because of
things like posts becoming evidence of criminality.

~~~
robomartin
Not useless at all. If websites are required, by law, to protect your
information, seek permission to share it and also institute retention policies
based on your preferences, this would be a huge improvement in privacy.

If by external backups you mean my cousin copying one of my photos and saving
it or something like that, sure, I take your point. However, I think you
understand exactly what I mean. There's a massive difference between that and
Facebook having an entire record of my life, complete with tags, pictures and
classifications, all of which I have exactly zero control over.

And, no, social media does not exist to facilitate law enforcement
investigations. If that is their primary purpose they need to disclose it. It
so happens that it can be used that way, but we should not pass legislation
based on the possibility of law enforcement using these databases to
effectively spy and reach for people's private information.

Cautionary tales abound, incuding:

[https://en.wikipedia.org/wiki/First_they_came_..](https://en.wikipedia.org/wiki/First_they_came_..).

------
mirimir
I'm curious why this is getting flagged. I suppose that it's so contentious
that it's generating pointless argument. But it _is_ a remarkable action by
the FTC. Especially given concerns after Obama-era privacy initiatives got
reversed.

------
joelx
[https://joelx.com/facebook-fined-while-murderers-go-
free/151...](https://joelx.com/facebook-fined-while-murderers-go-free/15106/)

~~~
throwaway2048
So I should be free to break any law less serious than murder, I'm sure a
judge will see the wisdom of your argument when I appear before them.

Gonna make so much money robbing these banks.

------
b_tterc_p
I get that fines don’t always offset the benefit gained from shady practice,
but frankly I don’t think Facebook got $5B from this. That’s ~25% of last
year’s net income. That’s a punch in the jaw.

~~~
throwaway2048
Considering their stock rose significantly after this fine was announced, I
don't think the people making money from Facebook agree with you.

~~~
eitland
Given my relationship with Facebook I want to agree and say the fines are way
to small, but for what I know it could also be that they hurt badly and the
reasons the stock rose was just because the stock marked had priced in an even
bigger fine.

Edit: yep, lots of them.

------
gehsty
The gear arrangement in the diagram showing how it will all work cannot turn
(triple gear engagement)!

Probably an unintentional but more accurate representations than what they had
in mind.

------
Pigo
I'd be curious to see where this fine goes. From what I seen most FTC fines go
to "the U.S. Treasury for general use". Not even Congress gets a chance to
mismanage it.

Then again, if they take it out of circulation, maybe it is a net gain for
everyone?

------
ausjke
at market cap close to 600B this is less than 1% of its "wealth"

------
moocowtruck
where should they send the check to so i can get my payout?

------
jacquesm
Any anti-GDPR advocates want to chime in on all those huge fines that the EU
was going to levy on every American company?

Props to the FTC for the size of the fine and the detailed explanation, not so
good that the perps get to walk - again.

------
snvzz
>$5B

So, basically free.

------
iooi
Take a look at NASDAQ: FB. <0.5% change. This means nothing.

~~~
iooi
Now up almost 4% after-hours on earnings :)

------
bogwog
That fine is a joke. They make like 5x that amount every month.

~~~
ijpoijpoihpiuoh
It's 1/4 of their annual net income. It's far from a joke, but it is true that
it isn't ruinous.

~~~
snvzz
It's basically nothing, compared to what they gain from not giving a damn
about privacy. Which they'll continue to do.

~~~
SpicyLemonZest
Is there a specific amount you think they gain from not giving a damn about
privacy? $5B is a lot of money! I worry that if you think it's "basically
nothing", you would've thought that no matter how much it was.

~~~
snvzz
Facebook's whole business model is to not give a damn about privacy.

Thus, all the money they make. All of it. The FTC now takes a small portion.

See Facebook care. (not)

~~~
SpicyLemonZest
But you're equivocating here. They're allowed to not give a damn about privacy
in the broad sense you're using; the FTC fined them only for the small subset
they weren't allowed to do.

If you think the government ought to just ban Facebook, sure, whatever, but
that's not the FTC's job.

