Federal regulators got a sympathetic hearing from Congress on Wednesday for their request for greater powers and funding to police privacy, as lawmakers warned that fines against big companies may be inadequate to change those companies’ conduct.
The Federal Trade Commission is negotiating a record fine to punish Facebook Inc. for alleged violations of users’ privacy.
But “a large fine in a single case does not solve the problems that consumers face,” said Rep. Jan Schakowsky (D-Ill.), chairwoman of the House consumer protection subcommittee.
At a hearing with the five members of the FTC, Schakowsky said the agency needs more funding and authority “at a minimum to restore consumers’ confidence.”
Rohit Chopra, one of the FTC commissioners, said that to some big companies, fines are a mere “parking ticket.”
“We cannot change behavior without finding out who at the top caused those problems,” Chopra said.
Although Schakowsky and Chopra didn’t specifically mention Facebook, the FTC is considering a rare action to hold Facebook Chief Executive Mark Zuckerberg personally accountable for the social media giant’s alleged failure to honor a 2011 agreement over privacy lapses.
The FTC also may limit how Facebook targets advertising to its massive user base — potentially making the action far more than a regulatory slap on the wrist.
Beyond a fine expected to run as high as $5 billion, comprehensive action by the FTC could mark a watershed in federal action against the tech industry in the name of consumer privacy.
Rep. Michael C. Burgess (R-Texas) said even a large fine “is inconsequential for a company the size of Facebook” while potentially damaging smaller businesses.
The FTC is an independent agency with three Republicans and two Democrats. FTC Chairman Joseph Simons has advocated tougher enforcement action against tech companies and must obtain the agreement of at least two other commissioners for any action on Facebook.
Lawmakers have started work on a new national privacy law that could sharply curtail the ability of the biggest tech companies to collect and make money off people’s personal data. The role of the FTC as an enforcer of privacy protections is a key issue in the debate over legislation. Consumer privacy advocates and Democratic lawmakers say the agency lacks teeth and have pushed for expanding its powers and funding.
The FTC doesn’t have the authority, for example, to levy civil financial penalties for first violations for most unfair or deceptive practices. It can only issue orders halting the conduct, as it did with Facebook in 2011.
The agency would be expected to write new privacy rules if Congress passes a new law.
Behind the momentum for a new law is rising concern over a string of scandals and the compromise of private data held by Facebook, Google and other tech giants that have reaped riches by aggregating consumer information. The industry traditionally has been lightly regulated and has resisted closer oversight as a threat to its culture of freewheeling innovation.
Republicans have generally opposed an expansion of federal authority, but after privacy scandals involving Facebook and other tech titans, some have taken a more open view toward the FTC’s powers and funding. Some business groups are also proposing an expanded role in privacy protection for the FTC.
The 2011 consent decree with the FTC bound Facebook to a 20-year privacy commitment. Violations could subject the company to fines of $41,484 per violation per user per day. The agreement requires that Facebook users give “affirmative express consent” any time that data they haven’t made public are shared with a third party.
The agency started investigating Facebook’s privacy practices more than a year ago after reports surfaced that the British political consulting firm Cambridge Analytica had improperly accessed the data of as many as 87 million Facebook users without their consent.