[This article updates and replaces an earlier article on what was expected in the Facebook/SEC setttlement.]
Under a settlement announced this morning with the Federal Trade Commission, Facebook will pay an unprecedented $5 billion, and accept expanded oversight of its practices in regard to protection of consumers' privacy -- including certifications of privacy protection steps by CEO Mark Zuckerberg himself.
Separately, the Securities and Exchange Commission announced that Facebook has agreed to pay $100 million to settle charges that it made misleading statements about the risk of misuse of Facebook user data.
Although $5 billion is about 30 times the FTC's largest-ever civil penalty to date, according to CNN Business, it represents only about one quarter's worth of revenue for Facebook.
"Facebook agreed to the deal following years of damaging admissions about the company's privacy practices, such as the inadvertent exposure of up to 87 million users' information to the political analysis firm Cambridge Analytica," sums up CNN. "The settlement resolves a formal complaint by the FTC alleging that Facebook 'used deceptive disclosures and settings' that eroded user privacy, violating a prior agreement Facebook signed with the commission in 2012. Facebook also broke the law, the FTC alleged, by misusing phone numbers obtained for account security purposes to also target advertisements to its users. And the company allegedly deceived 'tens of millions of users' by implying that a facial recognition feature on the service had not been enabled by default, when in fact it had."
The deal requires that Facebook's board form a privacy oversight committee of independent members (not fire-able by Zuckerberg), who will in turn appoint other officials who will be required to certify that Facebook is complying with the agreement. Zuckerberg is also required to make such certifications. The third party certifications must be based on auditors' findings, not company-provided information.
"False certifications would subject Mr. Zuckerberg and the [other compliance officers] to personal liability, including civil and criminal penalties," FTC chairman Joseph Simons said in a statement announcing the settlement.
The settlement does not require Facebook to spin off Instagram or Whats App.
Two FTC commissioners, Rohit Chopra and Rebecca Slaughter, dissented from the settlement, asserting that the fine is not large enough, and that the federal government should have sued Facebook to demonstrate that companies will not be allowed to flout FTC orders.
Separately, the FTC announced that it has reached settlements with Cambridge Analytica, the company's former CEO, Alexander Nix, and an app developer, Aleksandr Kogan, for alleged misuse of Facebook user data. (See separate article for more on the Cambridge Analytica settlement.)