On Wednesday, the Federal Trade Commission proposed sweeping changes to how Meta operates, accusing the company of violating a suite of child privacy protections, including the Children’s Online Privacy Protection Act (COPPA).
In a press release, the agency alleged that Meta violated a 2020 privacy order it had reached with the agency to resolve its role in the Cambridge Analytica scandal. The proposal cites instances in which the company misled parents on the extent of their abilities to control who their children communicate with over services like Messenger Kids and misrepresented the access the company grants third-party app developers to private user data.
“Facebook has repeatedly violated its privacy promises,” said Samuel Levine, FTC consumer protection bureau director. “The company’s recklessness has put young users at risk and Facebook needs to answer for its failures.”
The FTC’s proposed changes would ban Meta, Facebook, and the rest of the company’s properties from monetizing the data of children under 18 years old. It would also bar the company from launching new products or services without the green light from an independent privacy assessor and would require explicit user consent for any new uses of facial recognition technology.
These new rules would apply to Facebook and Meta’s other platforms, including Instagram, Oculus, and WhatsApp. It would also cover any new companies Meta could merge with in the future.
Responding to the FTC’s Wednesday proposal, Meta spokesperson Andy Stone called it a “political stunt,” accusing the agency of attempting to “usurp the authority of Congress to set industry-wide standards.” Later in the day, Meta published a longer version of the response on its company blog, writing, “None of these issues warrant the drastic changes the FTC is seeking just three years into our decades-long agreement–and that the FTC lacks unilateral authority to impose.”
“FTC Chair Lina Khan’s insistence on using any measure — however baseless — to antagonize American business has reached a new low,” Stone said in a statement to The Verge Wednesday. “We will vigorously fight this action and expect to prevail.”
Despite voting to move forward with the proposal, Commissioner Alvaro Bedoya issued a statement casting doubt on the FTC’s authority to modify its orders in this manner. “I look forward to hearing additional information and arguments and will consider these issues with an open mind,” he said.
The alleged violations arose from an independent assessor’s review of Meta’s privacy protections. The assessor was first implemented following the 2020 order and put in charge of reviewing whether Meta’s privacy protections met the FTC’s standards. According to the FTC, the assessor “identified several gaps and weaknesses” in the company’s privacy practices.
The FTC’s proposal is just the first step in a process to heighten Meta’s privacy and security practices. According to the Wednesday press release, the FTC has asked Meta to respond within 30 days to its findings and proposal. After receiving Meta’s response, the agency would then vote on whether to alter or adopt the proposed rules.
Update May 5th, 12:45AM ET: Added link to Meta’s full response.