Facebook has set out plans for a radical overhaul of its internal processes to foreground user privacy, in the wake of its record FTC fine.
The social network was slapped with a $5bn penalty by the US regulator following mistakes it made which led to personal data on 50 million users and their friends being used by shadowy political consultancy Cambridge Analytica without their knowledge.
It has been argued that the data was used to try and influence the outcome of the Brexit referendum and the 2016 US Presidential election.
In a blog post on Wednesday, general counsel Colin Stretch outlined the steps Facebook is taking to build a security and privacy-by-design culture “on a different scale than anything we’ve done in the past” – with transparency and accountability front-and-center.
“It introduces more stringent processes to identify privacy risks, more documentation of those risks, and more sweeping measures to ensure that we meet these new requirements,” he said. “Going forward, our approach to privacy controls will parallel our approach to financial controls, with a rigorous design process and individual certifications intended to ensure that our controls are working — and that we find and fix them when they are not.”
Privacy protections will be built into every product, with any risk documented and resolved, and more monitoring and reporting obligations placed on the firm. There will be detailed quarterly reports to verify compliance signed by Mark Zuckerberg and with executive accountability throughout.
An independent privacy assessor will report to a new board committee each quarter and the FTC, to ensure the firm is living up to its commitments.
“We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work, and we expect it will take longer to build new products following this process going forward,” said Zuckerberg in a statement.
“Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.”
Although the measures go beyond US law, they chime very much with the expectations of GDPR regulators – highlighting again that the EU law is leading the way globally in terms of privacy legislation.
In fact, it’s likely to work in Facebook’s favor in the long-run if it can effectively roll-out a single privacy regime across its entire global operations.