Follow on Substack
Follow on Medium
The federal government and state governments both have broad authority to force Facebook (Meta) to correct its entrenched problems with privacy abuses, account lockouts, scammers, bots, and mistreatment of advertisers, but they have not yet used that authority aggressively enough. Stronger enforcement, new legislation, and coordinated investigations could reshape how Facebook operates in the United States.
Why Government Action Is Needed
Facebook has a long record of privacy violations, including the Cambridge Analytica scandal and repeated breaches of a 2012 FTC privacy order, leading to a record 5 billion dollar fine but ongoing disputes over stricter limits.
Users continue to report being permanently locked out after “video selfie” or selfie verification reviews, often with no clear appeal path or human support, effectively erasing their accounts and access to contacts, groups, and business pages.
Advertisers report ad budgets being drained by bots and fraudulent clicks, phishing scams triggered by running ads, and difficulty getting refunds when Meta counts clearly fake engagements as “legitimate.”
Facebook’s growth has slowed or plateaued in mature markets while TikTok, Snapchat, and other platforms rise, shifting power but not reducing Facebook’s structural power over communities, small businesses, and political discourse.
These problems are outlined in detail in the book What’s Wrong with Facebook.
What Congress Should Do
Congress should immediately do the following:
Pass a comprehensive federal privacy law that sets clear limits on how platforms collect, combine, and monetize user data, including bans on repurposing security data (like phone numbers or ID selfies) for advertising or profiling.
Codify strong user rights: Face should be required to do the following: provide clear notice, data access, correction, portability, and deletion. It should provide fast human-reviewed appeal rights when accounts are disabled or monetized pages are taken down; and provide statutory damages when platforms ignore these rights.
Require platforms over a certain size (including Facebook) to maintain independent, auditable systems for fraud detection in advertising, and to provide timely, itemized refunds for invalid traffic, with penalties for systematic ad fraud or failure to investigate complaints for problems with advertising.
Clarify that “dark patterns,” deceptive consent flows, and hidden tracking constitute unfair or deceptive practices under federal law, making it easier for the FTC and state AGs to sue over manipulative interface designs.
Role of Committees, Hearings, and Subpoenas
House Energy and Commerce and Senate Commerce Committees should hold recurring oversight hearings on Meta’s compliance with privacy orders and its handling of scammers, bots, and account lockouts, rather than one-off headline hearings.
Committees should issue subpoenas for internal documents on:
How “video selfie” and other automated verification tools are used, error rates by region, and appeal pathways.
Internal estimates of ad fraud, bot traffic, and refund rates, and any evidence that Meta knowingly profits from invalid traffic.
The House Judiciary and Senate Judiciary Committees could examine whether Meta’s market power and conduct toward advertisers and small businesses — such as refusing to refund obviously fraudulent engagement — warrants antitrust remedies or structural separation of business lines.
Congress should mandate periodic public transparency reports from Meta, subject to perjury liability for executives, covering privacy incidents, account terminations, and ad fraud metrics.
FTC, DOJ, and Federal Enforcement Tools
The FTC should treat repeat violations of its existing orders as grounds for escalating remedies, including higher civil penalties, mandated product changes, and bans on specific data practices (such as monetizing minors’ data or using certain sensitive signals for ads).
When Meta launches “kitchen sink” constitutional challenges to evade new privacy limits, the DOJ should robustly defend the FTC’s authority and pursue parallel enforcement where criminal violations, obstruction, or false certifications are found.
The FTC can require:
Independent third-party audits of ad fraud and bot traffic on Meta’s platforms, with summaries made public.
Independent audits of account-verification systems, including selfie checks, to measure wrongful lockouts and bias across demographics.
The DOJ and the FTC can explore antitrust remedies if Meta’s dominance allows it to offload the costs of fraud and privacy harms onto users and advertisers while competitors struggle to gain fair footing.
What State Governments Can Do
State attorneys general can bring actions under state consumer protection laws against deceptive advertising metrics, mishandled refunds, and misleading claims about support and appeals when accounts or pages are disabled.
States can pass privacy laws modeled on or stronger than California’s laws, extending rights to transparency, correction, and deletion, and restricting how platforms handle biometric and ID data used in selfie or video verification.
Legislatures can require platforms to provide:
A clear, prompt appeals process for account bans, including human review for users whose accounts are tied to livelihoods or essential community roles.
State-level reporting on scam prevalence, bot activity affecting local advertisers, and response times to user complaints.
States can condition public agency advertising and official use of Facebook on minimum standards for fraud control, privacy compliance, and user redress, leveraging public contracts to push improvements.
Penalties, Restrictions, and Structural Remedies
Congress and state governments can arrange for the following penalties, restrictions, and structural remedies:
Monetary penalties: Congress can raise statutory caps and streamline penalty calculations so that large platforms face fines that scale with their global revenues for each day of noncompliance, making repeat violations economically intolerable rather than a cost of doing business.
Operational restrictions: Lawmakers and regulators can prohibit Meta from deploying high-risk systems, such as selfie-only verification or fully automated ad review, without validated error-rate benchmarks, appeal mechanisms, and public documentation.
Advertising restrictions: Regulators can require Meta to credit advertisers automatically when traffic is classified as invalid by independent auditors, and to pause campaigns when bot activity crosses defined thresholds, rather than continuing to bill advertisers.
Data minimization and purpose limits: Statutes and orders should tightly limit what data Facebook can collect and how long it can retain it, especially for sensitive identifiers used in verification, creating strong incentives to design safer systems up front.
Personal accountability: Senior executives could be subject to individual civil and, in serious cases, criminal liability for knowingly false compliance certifications or willful neglect of mandated privacy and security programs.
Summing Up
By using these tools together — investigations, subpoenas, fines, structural restrictions, and clear statutory rules — federal and state governments can push Facebook to fix deep-seated problems that it has repeatedly failed to address on its own, even as users and advertisers drift toward competing platforms and Facebook’s user base declines.
For more information, What’s Wrong with Facebook? is available on Amazon. To set up interviews or speaking engagements with the author, Gini Graham Scott, PhD, contact:
Karen Andrews
Executive Assistant
Changemakers Publishing and Writing
2145 San Ramon Valley Blvd., #4-366
San Ramon, CA 94583
(925) 804-6333 . changemakerspub@att.net
changemakerspublishingandwriting.com
