Why Facebook's 'biggest fine ever' is actually peanuts

Don't expect the company to change its ways

Mark Zuckerberg.
(Image credit: Illustrated | Justin Sullivan/Getty Images, bellanatella/iStock)

Here are two news tidbits that really shouldn't go together. This Wednesday, Facebook said it expected to pay a fine of $3 billion to $5 billion to the Federal Trade Commission (FTC) for violating its users' data privacy. Even the low-end estimate would be far and away the biggest penalty the regulator has ever imposed on a technology company. Also on Wednesday, Facebook's stock jumped 10 percent as its latest profits beat Wall Street's expectations.

How on earth could traders reward Facebook's share value even as it gets slapped with a record fine?

The answer is that, in the age of corporate giants and financial behemoths and Silicon Valley titans, one of the largest fines in FTC history just isn't all that impressive.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The basic point of any fine is incentivization: to cause a company enough pain that it stops doing whatever it was doing to get itself fined in the first place. In this instance, the FTC was investigating how Cambridge Analytica, the now-shuttered British political consulting firm, was able to improperly access the data of some 87 million Facebook users. Facebook had signed a consent decree with the agency to settle a previous series of privacy mishaps, promising to give users clear notice about data policies, and to only share their information after obtaining their explicit consent. The FTC saw the Cambridge Analytica scandal as evidence Facebook hadn't lived up to its end of the bargain.

As you probably guessed, the potential size of the fine in comparison to previous regulatory penalties is what's been grabbing reporters. Politico called it "unprecedented," the New York Times said it was a "milestone," and the Washington Post marveled at the "sheer size" of the legal expense. The fine "could reset the baseline for future privacy investigations, putting the United States on par with Europe in its willingness to go after technology firms," the Post continued. But this is just the wrong comparison to be making.

The problem is that Facebook's first quarter profits were $2.43 billion, after accounting for the $3 billion it set aside to pay the penalty. In other words, even in the worst-case scenario of $5 billion, the FTC's fine won't even eliminate Facebook's profits for a single quarter, never mind the whole year.

Consider that profits are gravy: They're what a corporation spits out to Wall Street after its paid all the expenses — wages, operating costs, capital investments — that actually keep it functioning. Eliminating all the profits for a whole year, or even multiple years, might tick off shareholders. But it wouldn't actually threaten a company's financial health. To really get its attention, you have to knock out profits and cut significantly into operating revenue.

The metric that actually tells us something about a penalty's effectiveness is its size relative to profits and overall revenues. Looking at studies of anti-competitive behavior, for instance, The Economist suggested fines should be as high as 60 percent of annual revenue to seriously influence corporate behavior. It's not a perfect comparison, since Facebook was guilty of a different sort of malfeasance. But the company's annual revenue is around $56 billion. A penalty of $5 billion is less than nine percent of that. (Facebook also has around $40 billion in cash reserves.) The FTC's second biggest privacy-related fine ever was $22.5 million, levied against Google in 2012 — a year when that company made $50 billion in revenue and $10 billion in profits.

Sen. Richard Blumenthal (D-Conn.) was much closer to the mark when he dismissed the fine as "a mere slap on the wrist." Rep. David Cicilline (D-R.I.), the chair of the U.S. House Judiciary Committee's subcommittee on antitrust issues, echoed that phrase, and insisted that "if the FTC won't act, Congress has to."

This problem of paltry fines has been ongoing across multiple industries for a while now. In 2015, for example, media investigations disclosed that major U.S. banks paid a whopping $130 billion in fines and judgments between 2009 to 2014 for violations related to the 2008 financial collapse. That enormous sum amounted to just 26 percent of their total profits over that time period — as a share of their total revenue, it would've been far smaller. In 2018 and 2017, the European Union dropped both its biggest and second-biggest fines ever on Google, at $5.1 billion and $2.7 billion, respectively. In 2017, Google's revenue topped $100 billion. And the FTC's biggest fine ever for false advertising — a massive $14.7 billion for Volkswagen in 2016 — was enough to seriously curtail profits for a year or two, but less than eight percent of that year's total revenue.

It's possible the FTC could pursue other punishments against Facebook besides just monetary penalties, which could give Facebook more of a nudge to reform its ways. It could demand changes to the company's corporate governance, or insist on new and specific rules curbing future data collection and sharing. Marc Rotenberg, the president of the Electronic Privacy Information Center, suggested the FTC should force Facebook to spin off WhatsApp and Instagram as well.

As for Facebook's CEO, Mark Zuckerberg, he at least seems to realize the moment calls for the appearance of humble reflection. Also on Wednesday, Zuckerberg announced his company would shift its practices and platform design in a more "privacy-focused" direction.

But Slate's Ari Ezra Waldman pointed out that Zuckerberg's missive actually focused on encrypting individual messages, without really addressing the questions of collecting user data or sharing it with third parties. "There's no indication that, besides working to encrypt its merged messaging systems, the new Facebook would look any different from the old Facebook when it comes to these kinds of privacy-invasive practices," Waldman wrote.

As Wired caustically noted, Zuckerberg's been apologizing more or less nonstop for Facebook's various privacy and data screwups for over 14 years now, with the company paying plenty of fines and settling plenty of lawsuits along the way. Given the pain an FTC fine will inflict (or, more precisely, won't inflict) on Facebook's bottom line, there's every reason to think this latest "pivot to privacy" will be just one more stop on the endless apology tour.

To continue reading this article...
Continue reading this article and get limited website access each month.
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Not sure which email you used for your subscription? Contact us
Jeff Spross

Jeff Spross was the economics and business correspondent at TheWeek.com. He was previously a reporter at ThinkProgress.