Facebook’s $5 Billion Privacy Settlement Argued Consumers Weren’t Harmed. Experts Think the Damage Was Incalculable
New documents reveal that Facebook didn’t think it harmed consumers when it allowed data from up to to 85 million accounts to be harvested by data analytics firm Cambridge Analytica in 2016.
The argument, which was documented in a February 2019 white paper obtained by The Washington Post, was part of the Federal Trade Commission’s probe into Facebook’s privacy practices that ended with a record fine of $5 billion.
At the time of the white paper, the FTC reportedly was considering hitting Facebook with a fine of tens billions of dollars—a punishment Facebook's lawyers deemed as "unconstitutional" and "unlawful." Vying leniency, Facebook’s lawyers argued that the company didn’t profit from the alleged violations of user privacy, and that consumers didn’t suffer personal injury, according to the Post.
But some privacy experts vehemently disagree.
“Personal information about political affiliation was used to micro-target people, based on the preferences and knowledge that Cambridge acquired illegally,” said David Vladeck, a Georgetown Law professor who served as the director of the FTC’s Bureau of Consumer Protection from 20019 to 2012, “The idea that that has no value… is simply ridiculous.”
Vladeck said that the damage associated with lost data often times is impossible to fix, and therefore equally impossible to quantify in dollars. But that doesn’t mean there's been no harm, he said.
As an example, he referred to Ashley Madison, the website that facilitated affairs for married people. In 2015, hackers leaked personal information, including full names and email addresses, of 36 million people using the service. The result was irreparable harm that included destroyed marriages and even suicides, Vladeck said.
“How do you monetize losing a loved one?” he said.
In Facebook’s case, personal data was used to influence people’s votes in the 2016 presidential election: “Who knows what they would’ve done if they hadn’t seen the ads,” Vladeck said.
Jim Steyer, CEO of Common Sense Media, said Facebook’s attempted defense is a clear sign that even stricter regulations should be imposed on the company.
“What Facebook's very own words show is exactly what we've been saying for years, which is that this company does not believe violating the privacy of consumers is harmful,” he said. “Their business model is based on the data of its users and they are going to continue to do everything they can to profit off of the information they collect."
And Facebook users are still claiming harms by Facebook, according to The Electronic Privacy Information Center.
The organization said it has uncovered more than 32,000 complaints against Facebook, many of which are related to privacy. Since the FTC settled with the company, EPIC has urged the House Appropriations Committee to further investigate the complaints.
But Chris Hoofnagle, faculty director of the Berkeley Center for Law & Technology, said Facebook’s defense is a “perfectly fine legal argument.” That’s because it attempts to address two of the FTC’s factors in determining a civil penalty: whether there was injury to the public and whether there was a desire to eliminate the benefits derived by the violation.
Jane Bambauer, director of the Program on Economics & Privacy at George Mason University Law School, said that in cases like Facebook’s, defining “harm” is becoming increasingly difficult and complex.
Either way, the fact that Facebook used the argument in an attempt to lower a potential fine was pointless, said Georgetown’s Vladeck. The Cambridge Analytica incident proved that Facebook had broken an earlier agreement it made with the FTC about how it would manage users’ data, thus the fine, he said.
“It’s not intended to compensate consumers,” Vladeck said. It’s “to punish Facebook for violating its consent decree… and to send signals to other actors in marketplace, which is, ‘Don’t be Facebook.’”