The social network faces investigations in Canada and Ireland, while it hopes to settle a dispute with the FTC in the US for $3bn.
The US case: In announcing its results for Q1 2019, Facebook revealed it set aside $3bn (20% of its quarterly revenue) to settle a dispute with the US Federal Trade Commission. It expects the fine to be anywhere between $3bn and $5bn, resulting from its recent conduct (the Cambridge Analytica scandal in particular) which led the FTC to investigate Facebook’s compliance with a settlement of 2011, in which the company agreed to have a ‘comprehensive privacy program’ and to obtain the express consent of users before sharing their data.
The Canadian case: In Canada, the Office of the Privacy Commissioner of Canada (OPC) announced the results of its investigation on Facebook’s practices. The company committed “serious contraventions” of Canadian privacy laws, including: unauthorised access; lack of meaningful consent; lack of proper oversight over the privacy practices of apps on its platform; and “overall lack of responsibility”. The findings follow an investigation of 2009; the OTC notes that Facebook failed to implement the recommendations of that inquiry, and is now rejecting the findings of the new one. The authority plans to take the matter to the Federal Court, and lamented lacking power to meaningfully enforce the privacy framework.
The Irish case: In Ireland, the Data Protection Commission opened its eleventh investigation into Facebook. This time, the action is related to the hundreds of millions of user password stored by Facebook in plain text format in its internal servers. The DPC was notified of it by the company, and will now determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.