The United States Federal Trade Commission announced a settlement with Facebook, Inc. on July 24 in regards to violations of a 2011 agreement between Facebook and the FTC. The settlement includes a fine of USD 5 billion, as well as several structural changes to how Facebook handles privacy matters across its platforms.

The agreements and fine were brought under the Federal Trade Commission Act of 1914, as there currently is no federal regulation that the FTC could rely on to enforce privacy matters. This case provided more motivation for proponents of a U.S. federal regulation on data management, including the FTC, which would most likely gain more authority under a federal law to enforce fines and impose structural changes.

The FTC hailed the settlement as a watershed moment in privacy regulation. The settlement, the FTC stated in a press release, sends a message to the tech industry that privacy concerns are very serious and that the FTC and U.S. regulators are prepared to enforce privacy and security laws. Critics of the settlement, including representatives from the Electronic Privacy Information Center, the International Association of Privacy Professionals and the two dissenting members of the FTC, Commissioners Rohit Chopra and Rebecca Slaughter, argue that the fine is minimal, that the structural changes represent internally policed rather than publicly policed controls, and that the fundamental structure of the company and its business model remain unaffected.

“The settlement imposes no meaningful changes to the company’s structure or financial incentives, which led to these violations,” wrote Commissioner Chopra in his dissenting statement. “Nor does it include any restrictions on the company’s mass surveillance or advertising tactics. Instead, the order allows Facebook to decide for itself how much information it can harvest from users and what it can do with that information, as long as it creates a paper trail.”