Facebook Anticipates an FTC Privacy Fine of up to $5 Billion

Facebook said it expects a fine of up to $5 billion from the Federal Trade Commission, which is investigating whether the social network violated its users’ privacy.

The company set aside $3 billion in its quarterly earnings report Wednesday as a contingency against the possible penalty but noted that the “matter remains unresolved.”

The one-time charge slashed Facebook’s first-quarter net income considerably, although revenue grew 26% in the period. The FTC has been looking into whether Facebook broke its own 2011 agreement promising to protect user privacy.

Investors shrugged off the charge and sent the company’s stock up more than 9% to almost $200 in after-hours trading. EMarketer analyst Debra Aho Williamson, however, called it a “significant development” and noted that any settlement is likely to go beyond a mere dollar amount.

″(Any) settlement with the FTC may impact the ways advertisers can use the platform in the future,” she said.

Facebook has had several high-profile privacy lapses in the past couple of years. The FTC has been looking into Facebook’s involvement with the data-mining firm Cambridge Analytica scandal since last March. That company accessed the data of as many as 87 million Facebook users without their consent.

The 2011 FTC agreement bound Facebook to a 20-year privacy commitment; violations could subject Facebook to fines of $41,484 per violation per user per day. The agreement requires that Facebook’s users give “affirmative express consent” any time that data they haven’t made public is shared with a third party.

The now-defunct Cambridge Analytica, which provided political data services to the 2016 Trump campaign and others, had wide access to normally private user data. It exploited a Facebook loophole that allowed it to see the data of people’s friends, and not just people who explicitly permitted access when they took a personality quiz. While Facebook did have controls in place that allowed people to restrict such access, they are found buried in the site’s settings and are difficult to find.

In addition to the FTC investigation, Facebook faces several others in the U.S. and Europe, including one from the Irish Data Protection Commission, and others in Belgium and Germany. Ireland is Facebook’s lead privacy regulator for Europe. The FTC is also reportedly looking into how it might hold CEO Mark Zuckerberg accountable for the company’s privacy lapses.

The social network said its net income was $2.43 billion, or 85 cents per share in the January-March period. That’s down 51% from $4.99 billion, or $1.69 per share, a year earlier, largely as a result of the $3 billion charge.

Revenue grew 26% to $15.08 billion from a year earlier. Excluding the charge, Facebook earned $1.89 per share. Analysts polled by FactSet expected earnings of $1.62 per share and revenue of $14.98 billion.

The company cautioned during a conference call with analysts that it faces “ad targeting headwinds” in the second half of this year. That includes developments such as Europe’s new privacy regulation that could impair hurt the company’s ability to target ads. Facebook also plans to launch a long-promised “clear history” tool that will let users delete their web-browsing tracks from Facebook’s data records while also blocking the social network from tracking the links they click going forward.

Zuckerberg, meanwhile, doubled down on his long-term vision to turn Facebook into a ”privacy-focused platform ” modeled after its encrypted messaging app WhatsApp. Analysts have questioned the company’s ability to make money if its focus shifts to private communications. But Zuckerberg said the company doesn’t currently use the content of messages for ad targeting anyway.

Facebook’s monthly user base on its flagship service grew 8% to 2.38 billion. Daily users grew 8% to 1.56 billion. The company said about 2.7 billion people used Facebook, WhatsApp, Instagram, or Messenger each month and 2.1 billion people used at least one of its services daily.