New US privacy oversight on the table for Facebook, Zuckerberg

From a European perspective this sounds a lot like the DPO position that is mandated by GDPR…:

WASHINGTON — Facebook and the U.S. Federal Trade Commission are negotiating a possible settlement that would require the company to place privacy-minded executives at the company’s highest levels, a source close to the talks told POLITICO on Wednesday — in addition to paying the expected multibillion-dollar fine it disclosed last week.

The steps, which are subject to change until a deal is final, would include appointing a federally approved privacy official at the social network and creating an “independent” privacy oversight committee that may include Facebook board members, said the person, who requested anonymity because the discussions are ongoing.

Separately, Facebook Chairman and CEO Mark Zuckerberg would take on the role of “designated compliance officer” responsible for carrying out the company’s privacy policies, the person said. That would make him personally accountable for Facebook’s handling of the issue.

Such changes to Facebook’s structure would be in addition to paying a record-setting fine of $3 billion to $5 billion. Facebook disclosed last week that it anticipated a cash penalty in that range to settle the FTC’s investigation, launched more than a year ago amid the Cambridge Analytica data scandal. The source said the fine would be “probably within the high end of that range.”

A spokesperson for the office of FTC Chairman Joe Simons declined to comment. A Facebook spokesperson also declined to comment.

“Creating an independent office, or an office within Facebook does not establish new privacy obligations, nor does it ensure compliance” —Marc Rotenberg, executive director of the Electronic Privacy Information Center

While talk of a multibillion-dollar fine against Facebook has grabbed headlines, the question of structural changes looms as a much more meaningful issue for the company, which has amassed a market value of more than $500 billion through its command of detailed data on 2.4 billion users worldwide. Wall Street has reacted with a collective shrug to reports of the fine given Facebook’s financial resources, but mandated changes to the company’s business model could have a longer-term impact.

Under the proposed Facebook settlement, the source said, the FTC would “essentially” have veto power over the choice of the federally approved privacy executive, called an “assessor,” and said the new privacy oversight committee would meet quarterly and issue periodic reports on the company’s privacy practices.

But it wasn’t immediately clear what kind of authority the privacy assessor would have and whether the envisioned privacy committee would ultimately have the power to shape Facebook’s corporate and product decisions. It’s also unclear who would pay the salaries for the new positions and how they would interact with the company’s nine-member board of directors.

The settlement remains in flux until it wins the majority vote of the FTC’s full slate of five commissioners, led by Simons, a Republican nominated by President Donald Trump. Simons is seeking the support of one or both of the commission’s two Democratic members, to ensure the decision has bipartisan backing, people familiar with the case have told POLITICO.

In April, Mark Zuckerberg delivered the opening keynote introducing new Facebook, Messenger, WhatsApp, and Instagram privacy features at the Facebook F8 Conference | Amy Osborne/AFP via Getty Images

One prominent privacy advocate said the proposed settlement, even with a record-setting fine and new governance structure on privacy, does not go far enough.

“The additional remedies are not meaningful,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, told POLITICO. “Creating an independent office, or an office within Facebook — which by the way, is not independent — does not establish new privacy obligations, nor does it ensure compliance.”

“A board doesn’t create new privacy rights for internet users,” he added. “And to say that Mark Zuckerberg is personally responsible — Mark Zuckerberg is Facebook, so what does that mean? It doesn’t add anything.”

The plan, as described by the source close to the talks, includes no new restrictions on Facebook’s data handling practices, which privacy advocates have repeatedly urged. Nor does it require the removal of Zuckerberg as chairman of the Facebook board or other checks on his leadership — other ideas floated by the company’s critics.

The FTC has been investigating whether Facebook violated its consent decree with the agency when it allowed data on up to 87 million users to fall into the hands of the political data firm Cambridge Analytica, which worked for Trump’s 2016 presidential campaign.

Since the Cambridge Analytica story broke, the social network has faced a barrage of other revelations that it had failed to protect users’ privacy, from questionable data-sharing arrangements with other tech firms to insecure storage of hundreds of millions of passwords to its decision to pay teens to install software to spy on their phone and web activity.

Last month, Zuckerberg announced the company is pivoting to building a “simpler platform that’s focused on privacy first,” shifting away from the news feed that has come to define Facebook in favor of user-to-user interactions, encrypted messaging and disappearing posts. On Tuesday, Zuckerberg unveiled a new look for the site meant to emphasize those features.

If Facebook and the FTC can’t agree on a settlement, the matter could go to court. The Justice Department would need to agree to represent the FTC in such a lawsuit.

Original article here