What the Facebook Settlement Means for New Privacy Legislation

Does America need a new cop on the Internet beat? Or just clearer laws? The Federal Trade Commission, the de facto Federal Technology Commission, just announced a $5 billion fine over Facebook’s data sharing with app developers such as Cambridge Analytica. Some claim the FTC’s fine was a slap on the wrist compared to Facebook’s $55.8 billion in 2018 revenue. But consider more relevant comparisons:

• It’s over 22 times greater than the FTC’s previous record fine: $22.5 million against Google back in 2012.
• It’s roughly equal to the five largest settlements reached by the Consumer Financial Protection Board combined since the CFPB, Elizabeth Warren’s brainchild, launched in 2011 — including a $700 million settlement just reached by the FTC and CFPB with Equifax related to a massive breach of financial records. 
• The vast bulk of the CFPB’s settlements involve returning money to consumers. But in Facebook’s case, there’s zero quantifiable consumer harm. Whatever Facebook’s failings, it didn’t cheat consumers out of money. The FTC’s basis for the $5 billion figure is murky, at best — and the money will go to the Treasury, not consumers, as with Equifax. 
• If the FTC had decided to pursue the case in court, it might have gotten a lot less money — and maybe none at all. And Facebook agreed to heavy regulatory conditions that the FTC couldn’t have obtained in court.

In short, the FTC is being as aggressive as possible on privacy. The Commission’s approach to Facebook is consistent with how it’s handled issues like privacy and data security for more than 20 years — under century-old authority that is among the broadest and most amorphous of any federal regulator. 

Because that power is so murky, the FTC can’t impose penalties when it alleges a practice is unfair or deceptive (though it can get money to compensate cheated or injured consumers, as with Equifax). But once a company has settled one case and agreed to a 20-year “consent decree” — as virtually the entire tech sector has — the FTC may impose literally trillions of dollars in fines. Combine that with the fact that companies essentially always settle with the FTC and it becomes clear just how arbitrary the FTC’s power is.

Ironically, this power actually helps to entrench the dominance of Facebook and the other tech giants. Facebook is better positioned than any of its competitors to walk a compliance tightrope where even small mistakes can result in billions in fines. Even more burdensome is the compliance program demanded by the FTC. In effect, Facebook’s $5 billion settlement serves as a moat around the platform’s business model that anyone trying to challenge Facebook will have to cross. 

What lessons should Congress draw for federal privacy legislation?

First, while the FTC could certainly use more staff, it remains the right cop on the privacy beat. 

Second, unless Congressional reforms the FTC’s penalty authority, the Commission’s enforcement approach will be inconsistent. Whether the FTC can get privacy penalties at all shouldn’t depend on whether it can shoehorn a new case into a prior consent decree — but, rather, on willfulness: did the company know it was doing something illegal? A new privacy law would allow penalties in some cases where the FTC couldn’t impose them today. Yet without clear limits on total fines, the growing “Techlash” hysteria will continue to balloon fines ever larger. Yes, today’s tech giants will suffer, but the moats protecting them from competition will become impossibly deep — and enforcement will always be arbitrary and prone to abuse. 

On both scores, the CFPB’s penalty authority — written by Democrats — offers a more rational and predictable model. So does the privacy legislation proposed by President Obama in 2015. Such legislation would allow the FTC to come down hard when warranted, but also ensure that smaller companies don’t face unmanageable risks. That’s the best way to protect consumers. 

Berin Szoka is President of TechFreedom and Ian Adams is Vice President of Policy at TechFreedom, a post-partisan think tank focused on embracing technological change and pushing back against those who fear it and would control it.

Note to Readers: Issues & Insights was launched by the seasoned journalists behind the legendary IBD Editorials page. Our mission is to use our decades of experience to provide timely, fact-based, reported and deeply informed analysis on the news of the day.

We’re doing this on a voluntary basis because we think our approach to commentary is sorely lacking on the internet. If you like what you see, feel free to click the Tip Jar over on the right sidebar. And be sure to tell your friends!