Facebook wants its ad agency partners to know that it is serious about making changes to its privacy policies—especially upon agreeing to pay the federal government $5 billion for violating related regulations and repeatedly misleading consumers.
After CEO Mark Zuckerberg and general counsel Colin Stretch confirmed the record fine in a personal post and a Facebook Newsroom story, respectively, vp of global marketing Carolyn Everson sent a memo to all major holding groups outlining the steps her company plans to take to address the matter moving forward, including the promotions of new privacy-focused executives.
Adweek acquired copies of the memo from three separate sources, each of whom confirmed its authenticity. A Facebook spokesperson did not immediately respond to a request for additional comment.
“As you may have seen, we have officially reached an agreement with the U.S. Federal Trade Commission (FTC) that establishes a comprehensive new framework for protecting people’s privacy,” Everson wrote, adding that the FTC’s order “will require a fundamental shift in the way we approach our work.”
At the same time, while Everson wrote that Facebook will be “strengthening both the privacy requirements we must meet and the level of oversight we will have over our privacy practices,” she also sought to reassure its agency partners that their clients’ relationships with Facebook will not be fundamentally threatened.
Some of the language included in the memo is the same as that in Stretch’s release. Both stated that Facebook will establish an independent board led by its own “privacy assessor” who will work to “oversee how we handle privacy issues and ensure we’re living up to our commitments.” This assessor will regularly report to both the board itself and the federal government.
“Executives across the company will have to certify that they’re meeting these privacy requirements in all the work they oversee,” Everson continued, adding that Zuckerberg will personally sign off on all such certifications. Without outlining specifics, she also wrote that Facebook will enact “more stringent processes to identify privacy risks” and document those risks and its responses more thoroughly.
She also announced new roles for three executives who will now focus on privacy matters. Michel Protti, formerly vp of Product Marketing on Partnerships, will become the company’s chief privacy officer for Product pending the approval of Facebook’s board. Vice president of Infrastructure Delfina Eberly has also been promoted to lead Privacy Programs Audit and Oversight, and vp of Engineering Vladimir Fedorov, who has spent more than a decade with the company, will manage privacy reviews across its product and engineering teams moving forward.
Everson ended her memo by stating that privacy “was already important” to the platform, that the new approach will surpass existing American laws, and that it will apply globally even though the agreement comes strictly on the orders of the U.S. federal government.
“Thank you as always for your continued partnership,” she concluded before reprinting the entirety of Stretch’s Newsroom story. The full memo is below.
As you may have seen, we have officially reached an agreement with the U.S. Federal Trade Commission (FTC) that establishes a comprehensive new framework for protecting people’s privacy. As part of this settlement, we’ve agreed to pay a $5 billion fine and the Order will require a fundamental shift in the way we approach our work. It builds on our current approach by strengthening both the privacy requirements we must meet and the level of oversight we will have over our privacy practices. It also places additional responsibility on people building our products at every level of the company.
- Setting up an independent board that will oversee how we handle privacy issues and ensure we’re living up to our commitments. An independent privacy assessor will review the privacy program on an ongoing basis and report their findings to the government and the board.
- Reporting on our progress on a regular basis. Executives across the company will have to certify that they’re meeting these privacy requirements in all the work they oversee. This will include Mark, who will sign his name to verify that we did what we said we would. The order also includes new requirements for reporting certain violations of our terms. Moving forward, if we verify that user data has been improperly accessed, collected, used or shared by certain third parties in violation of our Terms, we will be required to report the incident to the FTC.
- Moving three senior leaders from their current roles to focus on privacy full time, and we are hiring hundreds of people to work with them.
Michel Protti, who many of you know, will be moving from his role as Vice President of Product Marketing on Partnerships, will become our Chief Privacy Officer, Product, pending board approval.
Delfina Eberly, current VP of Infrastructure, will now lead Privacy Programs Audit and Oversight
Vladimir Fedorov, current VP Engineering and a leader at FB for over 10 years, will lead Privacy review across all our product and engineering teams.
- More Stringent Processes to identify privacy risks, more documentation of those risks, and more sweeping measures to ensure that we meet these new requirements.
Privacy was already important to us. These new controls add a level of rigor that mirrors financial controls and compliance. The accountability required by this agreement surpasses current law and we hope will be a model for the industry. While this is an order from a U.S. agency, many of these changes will apply globally.
I feel confident that these new actions, in addition to the changes we have already made, will continue to strengthen us as a company and help us better serve our community by making sure the work we do is at the standard that people and businesses expect of us.
Thank you as always for your continued partnership.