Illustration showing people with magnifying glasses looking at digital information

Facebook may be subject to additional oversight by the Federal Trade Commission under a potential multibillion-dollar settlement of consumer-privacy violations, according to a report by the Washington, D.C., website Politico.

The story, based on sources who requested anonymity, said the company may create several new positions to address ongoing problems with the way Facebook collects and uses consumer data.

According to the proposal, a privacy committee would be created and include members of Facebook’s board. That committee would then appoint an FTC-approved external assessor, who would file biennial reports about the company’s compliance with settlement terms.

A high-level Facebook executive would also be appointed as “a designated compliance officer,” with personal responsibility for adhering to the agreement’s guidelines. The Politco report suggested that CEO Mark Zuckerberg might fill that role. 

More on Facebook

Representatives from Facebook and the FTC declined to comment on the ongoing negotiations.

Last week, in required filings related to its earnings reports, Facebook stated that it expected to be fined as much as $5 billion for violating a 2011 consent decree with the FTC requiring the company to be more diligent in protecting consumer privacy. Facebook posted revenues of $55.8 billion in 2018.

Based on the initial reports, consumer advocates say this additional oversight on Facebook could be good news for consumers because it’s more likely to affect the company’s handling of consumer data than a huge fine alone. 

“I think it’s important that there are fines and structural remedies,” says Christine Bannan, consumer privacy counsel at the Electronic Privacy Information Center [EPIC], the advocacy group that filed a complaint against Facebook before the FTC’s 2011 consent decree.

However, advocates also remain skeptical that the proposed monitors would have the power to compel real change, especially considering that the FTC already had a long-term oversight role with Facebook after the 2011 consent decree.

Facebook had been subject to biennial reviews by the accounting firm PwC, whose auditors signed off on the company’s privacy policies for the two years when Cambridge Analytica received unauthorized access to the data of up to 87 million Facebook users, according to a report filed with the FTC.

“It’s clear that a fine won’t affect Facebook’s day-to-day activities, and I am not sure that this board will, either,” says Katie McInnis, policy counsel at Consumer Reports. “Creating this oversight board seems like an ad hoc ‘fix’ that won’t change the company’s primary data collection and monetization practices.”

“It’s hard to see how the the board [members] would be able to exercise independent oversight when they’re part of Facebook,” Bannan adds. “It seems like a different flavor of what we already have.”

As for the CEO’s potential new role, advocates—including McInnis—wonder how it would differ from his current one.

“Satan is in the small text,” says Emory Roane, policy counsel at the Privacy Rights Clearinghouse. “It would all come down to the language of the final agreement. What are the obligations of the compliance officer? What are the penalties for not complying? But at the end of the day, Zuckerberg is Facebook and Facebook is Zuckerberg.”

As to what should be done to address Facebook’s missteps, EPIC has called for regulators to unwind the company’s acquisition of the messaging platforms Instagram and WhatsApp. Sen. Richard Blumenthal, D-Conn., called for antitrust regulators to consider challenging the mergers before the Judiciary Committee in March. The FTC had already launched a task force in February to investigate antitrust issues in technology companies.

Forcing Facebook to divest those companies goes a step beyond the restrictions imposed by regulators in Germany in February, which prohibited Facebook from combining personal data from the messaging platforms without consumer consent.

Facebook has made a series of privacy missteps since the Cambridge Analytica scandal broke in March 2018. That incident triggered the FTC’s investigation into Facebook’s violation of the 2011 consent decree. 

Other problems include an October 2018 data breach, a Facebook bug that let developers improperly download user photos, news that Facebook let children amass credit card bills on the site, and federal charges against the company for alleged violations of the Fair Housing Act.