It was announced in July 2019 that The Federal Trade Commission (FTC) and Facebook reached a 5 billion dollar settlement. The settlement puts to end the investigation by regulators into how Facebook lost control over the immense amounts of personal data and mishandled its communications with users. The magnitude of the penalty is more than 200 times greater than any other privacy penalty enforced by the government—and the largest in FTC history. Beyond the monetary payment, the FTC’s order also requires Facebook to establish an independent privacy committee of its board of directors and requires CEO Mark Zuckerberg, and designated compliance officers, to independently submit quarterly certifications that the company is in compliance with the privacy program.
This outcome has set a new precedent for how tech companies can expect to be treated by regulators. These companies, especially Silicon Valley’s multi-billion revenue generators, should be on high alert. Similar to the regulatory scrutiny financial institutions received in a post-financial crisis world, this action against Facebook on their misuse of personal data is a call to action for regulators against large tech companies. Ten years ago banks were the Keeper of the Crypt of our most sensitive data. Nowadays, your most valuable data likely resides with the most highly used applications on your phone.
So what can we expect next?
Consumer technology companies will need to place an increased focus on innovating their products to better protect consumers and themselves as an organization. With regulators acutely focused on consumer protection, we can expect and should anticipate more investigations potentially leading to more ghastly fines and inevitably more compliance directives as an outcome.
How will tech companies navigate greater scrutiny from regulators?
There is a very long and detailed answer to this question, but the shortcut may be for tech companies to look towards how financial institutions have evolved given the greatly heightened regulatory requirements enacted under Dodd-Frank over 10 years ago, and then improve upon that.
Similar to what the global banks did, risk leaders at these tech companies will need to invest in leading compliance management systems, tracking all consumer interactions. These compliance programs will grow in strength as they develop an omnichannel line of defense strategy to their risk management programs. In that pursuit, consumer tech companies will partner with RegTechs and regulatory experts. Tech companies have a predisposition for solving big problems with tech. Now, they face a new BIG problem where regulatory technology can absolutely help.
Where will Facebook and Consumer Techs go from here?
It was truly a watershed moment at the first congressional hearing, where Mark Zuckerberg was forced to suit up and sweat it out. He surprisingly said that Facebook welcomed federal regulation for his company and the broader tech space. A foreseen conclusion that many of us in the compliance world knew was coming and a necessary truth on the path to consumer protection. When a company has clear regulations, a bright line between right and wrong has been drawn for them.
For the first time this week, I heard Google’s new ad campaign explaining to the world their user controls around ad targeting and privacy. This is an expensive and extreme measure on their part to offer clear and concise consents and disclosures. Obviously, this in response to the Facebook settlement and is the new normal that Consumer Tech finds itself in.
Companies with the scale and resources of Facebook and Google will continue to have a competitive advantage, and the cost to adhere to regulations won’t be much more than a rounding error for them. For (most) other consumer tech companies of less scale, the regulations will feel onerous at first but can help serve as guard rails to ensure they are going and growing in the right direction. Technology Companies will still drive at hyperspeed, but there are now compliance tolls to pay on the road of innovation from Silicon Valley to Washington, D.C.