Fines alone will not protect data privacy

One powerful tool that Facebook users retain is where they take their custom

Mark Zuckerberg, chief executive officer and founder of Facebook Inc., listens during a joint hearing of the Senate Judiciary and Commerce Committees in Washington, D.C., U.S., on Tuesday, April 10, 2018. Zuckerberg apologized, defended his company, and jousted with questioners while agreeing with others during his first-ever congressional testimony. Early reviews on his effort to restore trust with lawmakers and the public were mostly positive. Photographer: Al Drago/Bloomberg
Powered by automated translation

After it emerged last year that a single researcher had harvested the data of at least 50 million Facebook users and sold it to consulting firm Cambridge Analytica, US regulators promised harsh penalties for the social media giant. Now the US Federal Trade Commission has hit Facebook with a $5 billion fine – by far the largest penalty for a tech company in its history – for violating the privacy of its users and breaching a consent agreement that required the company to get permission before sharing personal data.

This is a huge sum, which should motivate tech firms to improve their privacy practices. It reflects a changing dynamic, with the decline of traditional media and the rise of behemoths such as Facebook, and the need for regulators to respond to a transformed landscape in kind.

However, legislators and privacy advocates have argued that the fine does not go far enough. Given that Facebook's share price actually rose following the decision – with investors having feared the worst – it is hard to disagree.

When viewed against the sheer scale of Facebook – which also owns Instagram, Snapchat and WhatsApp – the fine amounts to "a tap on the wrist", in the words of US senator Richard Blumenthal. Last year alone, Facebook recorded $56bn in revenue, of which $22bn was profit. "Such a financial punishment for purposeful, blatant illegality is chump change for a company that makes tens of billions of dollars every year," Mr Blumenthal said.

At some point, Facebook’s original vision of connecting the world was overtaken by the mad dash for advertising revenue and data collection. As the company swelled, absorbing its competitors and spreading across the globe, Facebook scooped up user data and sold it to advertisers. Third parties were able to exploit its vulnerabilities to acquire data on millions of account holders. In the case of Cambridge Analytica, Facebook found out and looked the other way.

Last year, Facebook chief executive Mark Zuckerberg admitted the company had made mistakes but vowed it would "step up" and make amends for its "breach of trust". What he has demonstrated in this affair, however, is a cavalier attitude to user privacy.

A fine that can be easily absorbed by Facebook’s vast profits is unlikely to spark an overhaul within the company. That is why concerned public interest groups have called for practical remedies to rein in Facebook’s data collection practices, in addition to financial penalties. Regulators across the globe must think hard about how to protect the privacy of social media users – because Facebook’s first priority, like any major company, is self-preservation.

One powerful tool that users themselves retain is where they take their custom. Mr Zuckerberg is no doubt aware that the same network effects that made Facebook flourish could just as easily bring it down. Increasingly today, users must exercise basic digital hygiene and inform themselves about violations of their privacy.

Only when customers vote with their feet – or their clicks – will major tech giants such as Facebook finally wake up and take notice.