Top 7 Facts About Facebook $5 Billion Fine Over Privacy Violations

The US Federal Trade Commission has approved a fine of $5 billion against Facebook for mishandling millions of users’ personal information, according to three people briefed on the vote, in what would be a landmark settlement that signals a newly aggressive stance by regulators toward the country’s most powerful technology companies.

Here are the top 7 facts about Facebook data privacy violations:

1. In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
2. Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need. Cambridge Analytica was found negligent in its oversight of the ways third-party applications access user data on the platform.  Around 87 million users had their private information accessed by the political consulting firm after it was collected by an app maker and then packaged and sold.
3. Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
4. Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
5. Facebook promised users that it would not share their personal information with advertisers. It did.
6. Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
7. Facebook claimed that it complied with the U.S - EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't comply to govern the data exchange between US and EU.