Facebook to Pay Up to $5 Billion in Privacy Fines

By Richard Montes De Oca* and Priscila Bandeira**
On April 24, 2019, Facebook disclosed in its quarterly results that the company expects to pay between $3 billion and $5 billion in fines to the Federal Trade Commission (FTC) for data privacy violations. The amount is only an estimate because investigations are still pending.
Facebook has been under investigation by the FTC for privacy violations in connection with the news that the political data firm Cambridge Analytica acquired data from up to 87 million Facebook users last year. In addition to the issues surrounding the Cambridge Analytica scandal, Facebook suffered a large data breach shortly after, which exposed at least 50 million users.
In 2011, Facebook entered into a settlement agreement with the FTC requiring it to obtain user consent before sharing their data and to improve its protection of consumer information. The recent Facebook privacy issues may have violated that settlement agreement. In a press release on March 26, 2019, the FTC announced the investigation, and the FTC Acting Director, Tom Pahl, stated that the FTC will seek enforcement action “against companies that fail to honor their privacy promises.” Pahl also said that “the FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers.”
Facebook is also under investigation in Europe for alleged General Data Protection Regulation (“GDPR”) violations and could be facing further legal challenges after the California Consumer Privacy Act becomes effective on January 1, 2020.
With increasing privacy regulations, class actions and regulatory enforcement by the FTC and other regulators, it is critical for companies to establish or enhance their Privacy and Data Protection Compliance Programs. MDO Partners encourages companies to conduct cybersecurity risk assessments, adopt robust privacy policies, enhance disclosure controls and adopt cyberattack investigation procedures to help mitigate the risks associated with cyberattacks and data breaches.
*Richard Montes De Oca is Managing Partner at MDO Partners, a boutique law firm that focuses on Corporate, International, and Real Estate Law, as well as Global Compliance and Business Ethics.

**Priscila Bandeira is a Global Compliance and Corporate Law Associate Counsel at MDO Partners, where she assists clients with corporate governance documentation, corporate formation, and international transactions. A graduate of the J.D./LL.M. Joint Program at the University of Miami, Ms. Bandeira is also registered with the Brazilian Bar.