top of page



Facebook to Pay $5 Billion to FTC and $100 Million to SEC for Privacy and Disclosure Violations


■ ■ ■  July 30, 2019



On July 24, 2019, the U.S. Federal Trade Commission (“FTC”) and Facebook, Inc. announced a $5 billion settlement to resolve a privacy probe investigating whether Facebook had violated a prior FTC consent decree. On the same day, the U.S. Securities and Exchange Commission (“SEC”) announced charges against Facebook for inadequate and misleading disclosures to its shareholders. The SEC alleged that for two years, Facebook’s public disclosures failed to properly warn of its consumer data protection and privacy issues. Facebook did not admit or deny the SEC’s allegations, but agreed to pay the $100 million fine.


The FTC announced in a statement that this is “one of the largest civil penalties in U.S. history.” Previously, the highest FTC fine had been $22.5 million against Google in 2012.


 In 2011, Facebook entered into a settlement agreement with the FTC that required the company to obtain user consent before sharing their data and to improve its protection of consumer data. However, Facebook violated the agreement by carrying out a series of improper privacy practices. Specifically, the allegations that political data firm Cambridge Analytica acquired data from up to 87 million Facebook users through a quiz app. Facebook also allegedly misled its users about whether they had turned on a face recognition setting for the company’s “tagging” tool and exploited users’ phone numbers for targeted advertisement without their express consent. Also, Facebook suffered a large data breach shortly after the Cambridge Analytica Scandal, which exposed at least 50 million users. In the current settlement, Facebook executives had to sign the settlement under penalty of perjury, risking civil and criminal liability if they fail to comply. It also requires the creation of an independent panel of the Board to oversee Facebook’s privacy practices.


Facebook is also under investigation in Europe for alleged General Data Protection Regulation (“GDPR”) violations and could be facing further legal challenges after the California Consumer Privacy Act becomes effective on January 1, 2020.


Privacy regulating class actions and regulatory enforcement by the FTC, SEC, and other regulators involving data breaches, cyberattacks and disclosures are increasing. It is critical for companies to establish or enhance their Privacy and Data Protection Compliance Programs. MDO Partners encourages companies to conduct cybersecurity risk assessments, adopt robust privacy policies, enhance disclosure controls and adopt cyberattack investigation procedures to help mitigate the risks associated with a cyberattacks and data breaches. Our attorneys and advisors have experience advising clients on the relevant privacy matters and cybersecurity measures that should be taken to establish and maintain an effective Privacy and Data Protection Compliance Program.

About MDO Partners


MDO Partners is a boutique law firm that focuses on Corporate, International, and Real Estate Law, as well as Global Compliance and Business Ethics. The firm is comprised of a solid team of attorneys and advisors with more than 100 years of combined experience who are committed to the business goals and best interests of their clients. The firm delivers value-added services of the highest caliber, and serves as a trusted advisor to its clients with a practical and business-savvy approach. For more information on MDO Partners, please visit


If you have questions or comments regarding this Alert, please contact the attorney or advisor listed below.


Richard Montes de Oca

Managing Partner






175 SW 7th Street

Suite 1900
Miami, FL 33130

Contact us:

bottom of page