Facebook and the US Federal Trade Commission (FTC) are negotiating a possible settlement that would require Facebook to create new positions at the company focused on strengthening its privacy practices, Politico reports, citing an anonymous source. As part of the settlement Facebook would create a privacy committee to protect its users’ data, and also have an external assessor appointed by the company and the FTC. Zuckerberg would take on the role of “designated compliance officer” responsible for carrying out the company’s privacy policies, making him personally accountable for Facebook’s handling of the issue, the report says.

The FTC began investigating Facebook in early 2018 after it was revealed that Cambridge Analytica, a political consulting firm, harvested and used the personal data of around 87 million Facebook users, including 562,455 Indian users, without their consent ahead of the 2016 US Presidential election. Last week The Verge reported that Facebook had set aside $3 billion for a fine it expects to have to pay the FTC as part of the settlement. The latest development coincides with Facebook’s annual F8 developer conference, which CEO and chairman Mark Zuckerberg used to outline the company’s new “privacy-focused vision”. He said people need public and private spaces in the digital world, and that the company has worked on building Facebook and Instagram into the digital equivalents of the town square, and WhatsApp and Messenger into the ‘living room’.

Facebook’s data leaks continue

Facebook has been beset by privacy scandals since the Cambridge Analytica story broke. In April cybersecurity firm UpGuard found that over 540 million Facebook records were left exposed on the public internet via two third-party Facebook apps. The firm discovered two separate sets of Facebook user data on public Amazon cloud servers. One, linked to Mexico-based media company Cultura Colectiva, contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more. Another, linked to a defunct Facebook app called ‘At The Pool’, contained plaintext passwords of 22,000 users.

Two weeks before that, a report by KrebsOnSecurity revealed that the passwords of up to 600 million Facebook users were stored in plain text and searchable by thousands of Facebook employees for years. A Facebook insider told KrebsOnSecurity that access logs showed around 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.
