I’m sure you heard that Facebook is paying a $5 billion fine for privacy violations to the Federal Trade Commission. You may not have heard that the Securities and Exchange Commission decided to pile on and fine Facebook another $100 million for disclosure failures.
As Matt Levine of Bloomberg says “Everything is securities fraud.”
[T]he Risk Factor disclosures in its Form 10-Q filed on October 30, 2014, Facebook cautioned that “Improper access to or disclosure of user information, or violation of our terms of service or policies, could harm our reputation and adversely affect our business.” In the same Form 10-Q, the company advised that if developers “fail to comply with our terms and policies . . . our users’ data may be improperly accessed or disclosed.” This, the company acknowledged, “could have a material and adverse effect on our business, reputation, or financial results.”
My emphasis and the emphasis of the SEC in its press release
The problem was that Facebook knew that the users’ data had in fact been improperly accessed and disclosed. The SEC is taking the position that this phrasing of a risk creates a false impression that it is merely hypothetical and not actually happening.
The SEC had this fight over “may” in the Robare case. That ended up being a bad strategy for that case. If you remember, Robare’s disclosure was that it may be earning other fees, when it was always earning those fees. One court overturned the SEC. But it had a long history after the case and the SEC ended up winning anyhow.
In the Facebook case, the company made press releases that were incorrect or misleading because they failed to disclose the Cambridge Analytica problem.
The SEC tops this off by pointing out that the Facebook stock price fell from $185 to $159 after the Cambridge Analytica problem was disclosed to the public. That reinforces that the problem was material and should have been disclosed.
Sources: