The Securities and Exchange Commission (SEC) announced Wednesday that it intends to fine Facebook $100 million for making "misleading disclosures" about the risk of user data misuse.
The agency alleges that Facebook continued to describe possible data breaches to investors in “hypothetical” terms even though it had known about the data breach for several years.
“For more than two years, Facebook’s public disclosures presented the risk of misuse of user data as merely hypothetical when Facebook knew that a third-party developer had actually misused Facebook user data,” the SEC said in a statement.
“Public companies must identify and consider the material risks to their business and have procedures designed to make disclosures that are accurate in all material respects, including not continuing to describe a risk as hypothetical when it has in fact happened.”
Facebook agreed to settle the charges “without admitting or denying the SEC’s allegations,” the agency noted.
Mishandling of user data
The fine from the SEC is separate from the $5 billion penalty approved this week by the Federal Trade Commission (FTC) over the Cambridge Analytica data breach, which resulted in up to 87 million Facebook users having their information improperly accessed. The FTC and the SEC began investigating Facebook last July following the data-sharing scandal.
In response to the actions taken against it, Facebook has promised greater transparency and increased efforts to protect user privacy. Facebook said the FTC agreement “will mark a sharper turn toward privacy, on a different scale than anything we’ve done in the past.” The company said it has already set aside money to pay the fine.
“Going forward, our approach to privacy controls will parallel our approach to financial controls, with a rigorous design process and individual certifications intended to ensure that our controls are working — and that we find and fix them when they are not,” Facebook said in a blog post.