Facebook will pay a record-breaking $5bn penalty in the US for “deceiving” users about their ability to keep personal information private, after a year-long investigation into the Cambridge Analytica data breach.
The Federal Trade Commission (FTC), the US consumer regulator, also announced a lawsuit against Cambridge Analytica and proposed settlements with the data analysis firm’s former chief executive Alexander Nix and its app developer Aleksandr Kogan.
The $5bn fine for Facebook dwarfs the previous record for the largest fine handed down by the FTC for violation of consumers’ privacy, which was a $275m penalty for consumer credit agency Equifax.
It is also one of the largest regulatory penalties ever imposed by the US government on any company, reflecting the scale of the breach, first reported by the Observer.
The social network will submit to new restrictions on how it operates and a modified corporate structure to ensure executives are more accountable for users’ privacy.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” the FTC chairman, Joe Simons, said.
“The magnitude of the $5bn penalty and sweeping conduct relief are unprecedented in the history of the FTC.”
Simons said changes to Facebook’s corporate structure would make executives more accountable for protecting the privacy of the 185 million people in the US and Canada who use Facebook each day.
He said this was intended to “change Facebook’s entire privacy culture to decrease the likelihood of continued violations”.
In a post on his own Facebook page, the social network site’s founder and chief executive, Mark Zuckerberg, said the company had transformed the way it handles users’ information.
“We’ve agreed to pay a historic fine, but even more important, we’re going to make some major structural changes to how we build products and run this company,” he wrote.
“We have a responsibility to protect people’s privacy. We already work hard to live up to this responsibility, but now we’re going to set a completely new standard for our industry.
“Overall, these changes go beyond anything required under US law today. The reason I support them is that I believe they will reduce the number of mistakes we make and help us deliver stronger privacy protections for everyone.”