Final FTC Agreement Represents a New Level of Accountability for Privacy

By Michel Protti, Chief Privacy Officer, Product

On Thursday, a federal court officially approved the agreement we reached with the Federal Trade Commission (FTC) last July. This concludes the FTC’s investigation that began after the events surrounding Cambridge Analytica in 2018. 

As we described last year, Facebook agreed to fundamentally shift our approach to protecting people’s privacy, and to pay a $5 billion fine. 

In my role as Chief Privacy Officer for Product, I’m committed to helping Facebook make important changes to the way that we approach privacy across the company as we implement the order. We’re off to a good start, with much of the work required by the agreement already underway.

Creating a New Level of Accountability 

This agreement has already brought fundamental changes to our company and advances in how we protect people’s privacy beyond anything we’ve done before. It has changed how we work, how we build new products and technologies and how we handle people’s information. Most of all, it brings a new level of accountability and ensures that privacy is everyone’s responsibility at Facebook. 

With this agreement now in place, executive leaders at the company, including our CEO, will now certify our compliance with it quarterly and annually to the FTC. We are also creating a new Privacy Committee on our Board of Directors that will be comprised solely of independent directors, and we’ll work with a third-party, independent assessor who will regularly and directly report to the Privacy Committee on our privacy program compliance.  

Infographic detailing checklist of how Facebook protects your privacy in FTC agreement

Progress We’ve Made 

While we have more to do, we’ve already made significant progress on privacy improvements across the company. We updated our Privacy Checkup tool to guide people through some of their most important privacy choices on Facebook, and we reminded people around the world to review their privacy settings. We finished rolling out our Off-Facebook Activity tool, so people can see a summary of the information businesses share with us and clear it from their account if they want to. We’ve also started publishing details about our privacy approach and the protections we’ve built into our products in a series called Privacy Matters. For example, here’s our Privacy Matters post about Facebook Pay.

Our privacy work is never finished, and we understand that this commitment means focusing on this every day.

Making Privacy Everyone’s Responsibility at Facebook 

We’ve brought together some of our most respected and experienced leaders to implement this agreement across the company. 

  • Erin Egan, our Chief Privacy Officer for Public Policy, leads our engagement in the global public discussion around privacy and ensures that feedback from governments and experts around the world is incorporated into our practices and policies. 
  • Vladimir Fedorov, VP of Engineering leads the privacy product and infrastructure team, which is driving all the underlying product, tooling and infrastructure changes we are making. 
  • Delfina Eberly, VP of Infrastructure leads the privacy program management team, driving design, implementation and testing.
  • Our legal team continues to grow, in order to best support our ongoing work on privacy.

We’ve created dozens of teams, both technical and non-technical, that are focused solely on privacy. We now look more critically at data use across all our operations. This means we analyze how data is collected, used and stored, from the moment people share new data with us, all the way to when that data is deleted. We make sure it’s used properly through a Risk Assessment Process; a comprehensive audit of how we use data across the entire company – assessing risks and putting safeguards in place to address them. We currently have thousands of people working on these privacy-related projects and we’re hiring many more.

This agreement has been a catalyst for changing the culture of our company. We’ve changed the process by which we onboard every new employee at Facebook to make sure they think about their role through a privacy lens, design with privacy in mind from the beginning and work proactively to identify potential privacy risks so that mitigations can be implemented. All new and existing employees are required to complete annual privacy training. 

A Roadmap for More Accountability Across the Industry

The agreement approved today goes beyond anything required by US law, and we believe that it can and should serve as a roadmap for more comprehensive privacy regulation, as other parts of the world have explored. We hope this leads to further progress on developing consistent legislation in the US and elsewhere. 

Ultimately, our goal is to honor people’s privacy and focus on doing what’s right for people. We believe that’s what the billions of people who use our products expect from us, and we’re going to keep doing that work for them.



To help personalize content, tailor and measure ads, and provide a safer experience, we use cookies. By clicking or navigating the site, you agree to allow our collection of information on and off Facebook through cookies. Learn more, including about available controls: Cookies Policy