As we described last year, Facebook agreed to fundamentally shift our approach to protecting people’s privacy, and to pay a $5 billion fine.
In my role as Chief Privacy Officer for Product, I’m committed to helping Facebook make important changes to the way that we approach privacy across the company as we implement the order. We’re off to a good start, with much of the work required by the agreement already underway.
Creating a New Level of Accountability
This agreement has already brought fundamental changes to our company and advances in how we protect people’s privacy beyond anything we’ve done before. It has changed how we work, how we build new products and technologies and how we handle people’s information. Most of all, it brings a new level of accountability and ensures that privacy is everyone’s responsibility at Facebook.
With this agreement now in place, executive leaders at the company, including our CEO, will now certify our compliance with it quarterly and annually to the FTC. We are also creating a new Privacy Committee on our Board of Directors that will be comprised solely of independent directors, and we’ll work with a third-party, independent assessor who will regularly and directly report to the Privacy Committee on our privacy program compliance.
Progress We’ve Made
While we have more to do, we’ve already made significant progress on privacy improvements across the company. We updated our Privacy Checkup tool to guide people through some of their most important privacy choices on Facebook, and we reminded people around the world to review their privacy settings. We finished rolling out our Off-Facebook Activity tool, so people can see the information businesses share with us and clear it from their account if they want to. We’ve also started publishing details about our privacy approach and the protections we’ve built into our products in a series called Privacy Matters. For example, here’s our Privacy Matters post about Facebook Pay.
Our privacy work is never finished, and we understand that this commitment means focusing on this every day.
Making Privacy Everyone’s Responsibility at Facebook
We’ve brought together some of our most respected and experienced leaders to implement this agreement across the company.
- Erin Egan, our Chief Privacy Officer for Public Policy, leads our engagement in the global public discussion around privacy and ensures that feedback from governments and experts around the world is incorporated into our practices and policies.
- Vladimir Fedorov, VP of Engineering leads the privacy product and infrastructure team, which is driving all the underlying product, tooling and infrastructure changes we are making.
- Delfina Eberly, VP of Infrastructure leads the privacy program management team, driving design, implementation and testing.
- Our legal team continues to grow, in order to best support our ongoing work on privacy.
We’ve created dozens of teams, both technical and non-technical, that are focused solely on privacy. We now look more critically at data use across all our operations. This means we analyze how data is collected, used and stored, from the moment people share new data with us, all the way to when that data is deleted. We make sure it’s used properly through a Risk Assessment Process; a comprehensive audit of how we use data across the entire company – assessing risks and putting safeguards in place to address them. We currently have thousands of people working on these privacy-related projects and we’re hiring many more.
This agreement has been a catalyst for changing the culture of our company. We’ve changed the process by which we onboard every new employee at Facebook to make sure they think about their role through a privacy lens, design with privacy in mind from the beginning and work proactively to identify potential privacy risks so that mitigations can be implemented. All new and existing employees are required to complete annual privacy training.
A Roadmap for More Accountability Across the Industry
The agreement approved today goes beyond anything required by US law, and we believe that it can and should serve as a roadmap for more comprehensive privacy regulation, as other parts of the world have explored. We hope this leads to further progress on developing consistent legislation in the US and elsewhere.
Ultimately, our goal is to honor people’s privacy and focus on doing what’s right for people. We believe that’s what the billions of people who use our products expect from us, and we’re going to keep doing that work for them.