In this corner, the U.S. Federal Trade Commission (FTC): 

“Facebook has repeatedly violated its privacy promises,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The company’s recklessness has put young users at risk, and Facebook needs to answer for its failures.”

In that corner, Meta (formerly, Facebook):

Meta head of communications Andy Stone called the FTC’s announcement a “political stunt,” vowed to “vigorously fight” the action, and criticized the FTC for allowing Chinese-owned social media app TikTok to “operate without constraint on American soil.”

Yesterday, May 3, 2023, the FTC ordered Meta to show cause as to why the Commission should not modify its 2020 Order and enter a new proposed order based on Facebook’s record of alleged violations and its independent assessor’s findings that Facebook has not complied with the requirements of its privacy program. Specifically, the independent assessor found that Facebook “misled parents about their ability to control with whom their children communicated through its Messenger Kids app, and misrepresented the access it provided some app developers to private user data,” in breach of the FTC’s 2012 and 2020 Privacy Orders with Meta and in violation of the Children’s Online Privacy Protection Act (“COPPA”).

The changes to the 2020 Privacy Order that the FTC has proposed, if ordered, would undoubtedly be impactful in many respects and would apply to the full complement of products and services offered by Meta, including Facebook, Instagram, WhatsApp, Messenger, and Meta Quest.  The proposed changes include:

  • Blanket prohibition against monetizing data of children and teens under 18: Meta and all its related entities would be restricted in how they use the data they collect from children and teens. The company could only collect and use such data to provide the services or for security purposes, and would be prohibited from monetizing this data or otherwise using it for commercial gain even after those users turn 18.
  • Pause on the launch of new products, services: The company would be prohibited from releasing new or modified products, services, or features without written confirmation from the assessor that its privacy program is in full compliance with the order’s requirements and presents no material gaps or weaknesses.
  • Extension of compliance to merged companies: Meta would be required to ensure compliance with the FTC order for any companies it acquires or merges with, and to honor those companies’ prior privacy commitments.
  • Limits on future uses of facial recognition technology: Meta would be required to disclose and obtain users’ affirmative consent for any future uses of facial recognition technology. The change would expand the limits on the use of facial recognition technology included in the 2020 Order.
  • Strengthening existing requirements: Some privacy program provisions in the 2020 Order would be strengthened, such as those related to privacy review, third-party monitoring, data inventory and access controls, and employee training. Meta’s reporting obligations also would be expanded to include its own violations of its commitments.

The undertaking to even begin to comply with these proposed changes would appear to be massive and would not only impact Meta and its products and services operationally, but financially as well.  That is not to say that these proposed modifications may not be warranted if the alleged violations prove to be true.  The takeaway here… the FTC means business!

This current order is the third time the FTC has taken action against Meta – so let’s call this “Round 3.”  Meta has 30 days to respond to the proposed findings from the FTC’s investigation.  Stay tuned!