by GDPR Associates | 7th January 2019 2:15 pm
This year, the apologies will make way for accountability, and the talk of regulation will (potentially) turn to action.
But what does that mean exactly? How severe might any punishments be? Here’s what might happen to Facebook over the next 12 months.
The Irish Data Protection Commission announced in December that, thanks to “a number of breach notifications from Facebook”, it had launched an inquiry. The implications of this are potentially enormous, and regulators are treading on new ground, backed by fierce regulation designed to come down hard on firms deemed not to have kept personal data secure.
“The focus is going to be on what security measures they had in place, what procedures they had in place,” explained Kate Colleary, head of the International Association of Privacy Professionals.
“And if they’re deficient, well then it’s likely I would suggest that there’ll be an administrative finding.”
That administrative finding – in other words, the Data Protection Commission’s ruling on whether Facebook was in the wrong – could be enormously costly to Facebook. Under the General Data Protection Regulation (GDPR), put in place in May, a company can be fined up to 4% of its global revenue. For Facebook, that could be more than $1.5bn.
And it might not stop there. While inquiries are under way in Ireland, the US Federal Trade Commission is also examining Facebook’s conduct in relation to an agreement it signed in 2011. Broadly, the document made Facebook promise to obtain clear and proper consent if it wanted to collect and share user data. The company has insisted, multiple times, that it has not gone against that agreement, known as a “consent decree”. Even so, the FTC is taking a closer look.
If Facebook is found to be in violation the punishment could in theory be astronomical – the consent decree demands $40,000, per day, per violation. A violation, in this case, could mean “user”. There are around 80 million Facebook users in the US, which, if you get out your calculator, would mean around $3 trillion.
But that’s unlikely to happen. The goal of the FTC is not to put American companies out of business, but to discourage bad behaviour. Speaking to the Washington Post, Professor David Vladeck, a former head of consumer protection at the FTC, said to expect a fine north of $1bn.
“The agency will want to send a signal… that the agency takes its consent decrees seriously,” he told the newspaper.
One view that seems to have bipartisan support – in different countries around the world – is that Facebook is now too big and too powerful.
“We have a lot of competitors,” said Mark Zuckerberg during his appearance in front of the Senate in April – though he failed to actually name any. With WhatsApp and Instagram also on its books, there is no real alternative to Facebook – and if there was, the company would probably just buy it.
Facebook, as the New Statesman points out, is perhaps preparing for firm calls that its business gets split into smaller pieces by hiring in expertise on competition matters.
A campaign group, Freedom from Facebook, has demanded the company be broken into four chunks: the main Facebook network, WhatsApp, Instagram and Facebook Messenger. On top of that, it wants it to be easier to port our data from one network to another if we want to move around.
Former UK Deputy Prime Minister Nick Clegg is due to start as Facebook’s head of communications any day now, following the news of his appointment in October last year.
Citing a lack of experience in corporate comms, some wondered what exactly Mr Clegg would be doing. The former Liberal Democrat leader shared some of his thoughts with journalists at Facebook’s Christmas media party, and it focused around one phrase: “co-regulation”.
His job, he told me, was to be something of a bridge between the world he knows – politics – and the world he’ll soon inhabit – Silicon Valley. He wants to work with governments to create regulation that makes sense technically and ethically.
“It doesn’t make any sense,” said Ahmed Banafa, a privacy expert from San Jose State University, wholly unimpressed with the term “co-regulation”.
“Congress should run independently because they are taking care of us: the user, the citizen. Not the companies.”
It could be regulated (bringing the rest of tech with it)
“I don’t want to have to vote to regulate Facebook,” said US Senator John Kennedy, to Mark Zuckerberg, in April. “But by God, I will. That depends on you… Your user agreement sucks.”
There’s a sense in Washington that time is up for Facebook to show it has the ability to solve its problems on its own. And Facebook has repeatedly said it is open to regulation, so long as it’s the right regulation that doesn’t impact our ability to communicate freely online.
So what might regulation in 2019 look like? A policy paper from Democratic Senator Mark Warner – deputy chair of the Senate’s Intelligence Committee – is perhaps the most coherent argument yet for what could happen.
Broadly, Senator Warner wants to force networks to open themselves up to auditing by academics, provide better data portability so people can move from one service to the next, and offer comprehensive disclosures about what personal data has been stored, what it is being used for, and by whom.
Remember, these kind of measures wouldn’t just affect Facebook, but all platforms that use personal data – Google et al will be watching very closely.
So far, Facebook has said it backs the Honest Ads Act, which would compel sites to carry prominent messages about the funding source of political or issue-based advertising. That would be a good first step, but it won’t be enough. Lawmakers in the US are looking across the pond at Europe’s GDPR and thinking: “It can be done.”
Facebook is still growing, but not in the places where these scandals have hit hard. In the US, when looking at Daily Active Users, Facebook hasn’t grown at all over the past three quarters, and in Europe the number has actually fallen.
Might this continue? Could it get worse? Anecdotally, more and more people are sharing – on social media, naturally – how they are stepping away from Facebook. If they are not deleting their account completely, they’re deleting the company’s app from their phone.
But we won’t know for certain until at least 30 January, when the company announces its next set of earnings – and with it, updated statistics on use.
In a poll of just under 1,000 Facebook users conducted by analysis firm Creative Strategies in April 2018 – after the Cambridge Analytica scandal, but before some other high-profile data breaches – 31% said they would be using Facebook less in future. We’ll see.
The original article (and image) was originally posted here: https://www.bbc.co.uk/news/technology-46755608
Source URL: https://www.gdpr.associates/what-2019-holds-for-facebook/
Copyright ©2021 GDPR Associates unless otherwise noted.