XML 37 R17.htm IDEA: XBRL DOCUMENT v3.20.2
Commitments and Contingencies
 6 Months Ended
Jun. 30, 2020
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies Commitments and Contingencies
Guarantee
In 2018, we established a multi-currency notional cash pool for certain of our entities with a third-party bank provider. Actual cash balances are not physically converted and are not commingled between participating legal entities. As part of the notional cash pool agreement, the bank extends overdraft credit to our participating entities as needed, provided that the overall notionally pooled balance of all accounts in the pool at the end of each day is at least zero. In the unlikely event of a default by our collective entities participating in the pool, any overdraft balances incurred would be guaranteed by Facebook, Inc.
Other contractual commitments
We also have $8.30 billion of non-cancelable contractual commitments as of June 30, 2020, which are mostly related to our investments in network infrastructure, content acquisitions, consumer hardware, and data center operations. These commitments are primarily due within five years.
Legal Matters
Beginning on March 20, 2018, multiple putative class actions and derivative actions were filed in state and federal courts in the United States and elsewhere against us and certain of our directors and officers alleging violations of securities laws, breach of fiduciary duties, and other causes of action in connection with our platform and user data practices as well as the misuse of certain data by a developer that shared such data with third parties in violation of our terms and policies, and seeking unspecified damages and injunctive relief. Beginning on July 27, 2018, two putative class actions were filed in federal court in the United States against us and certain of our directors and officers alleging violations of securities laws in connection with the disclosure of our earnings results for the second quarter of 2018 and seeking unspecified damages. These two actions subsequently were transferred and consolidated in the U.S. District Court for the Northern District of California with the putative securities class action described above relating to our platform and user data practices. On September 25, 2019, the district court granted our motion to dismiss the consolidated putative securities class action, with leave to amend. On November 15, 2019, an amended complaint was filed in the consolidated putative securities class action. We believe these lawsuits are without merit, and we are vigorously defending them. In addition, our platform and user data practices, as well as the events surrounding the misuse of certain data by a developer, became the subject of U.S. Federal Trade Commission (FTC), state attorneys general, and other government inquiries in the United States, Europe, and other jurisdictions. In July 2019, we entered into a settlement and modified consent order to resolve the FTC inquiry, which was approved by the federal court and took effect in April 2020. Among other matters, our settlement with the FTC required us to pay a penalty of $5.0 billion which was paid in April 2020 upon the effectiveness of the modified consent order.
On April 1, 2015, a putative class action was filed against us in the U.S. District Court for the Northern District of California by Facebook users alleging that the "tag suggestions" facial recognition feature violates the Illinois Biometric Information Privacy Act, and seeking statutory damages and injunctive relief. On April 16, 2018, the district court certified a class of Illinois residents, and on May 14, 2018, the district court denied both parties' motions for summary judgment. On May 29, 2018, the U.S. Court of Appeals for the Ninth Circuit granted our petition for review of the class certification order and stayed the proceeding. On August 8, 2019, the Ninth Circuit affirmed the class certification order. On December 2, 2019, we filed a petition with the U.S. Supreme Court seeking review of the decision of the Ninth Circuit, which was denied. On January 15, 2020, the parties agreed to a settlement in principle to resolve the lawsuit, which provided for a payment of $550 million by us and was subject to court approval. On or about May 8, 2020, the parties executed a formal settlement agreement, and plaintiffs filed a motion for preliminary approval of the settlement by the district court. On June 4, 2020, the district court denied the plaintiffs' motion without prejudice. On July 22, 2020, the parties executed an amended settlement agreement, which, among other terms, provides for a payment of $650 million by us. The settlement is subject to court approval. The settlement amount is reflected in accrued expenses and other current liabilities on our condensed consolidated balance sheet as of June 30, 2020.
Beginning on September 28, 2018, multiple putative class actions were filed in state and federal courts in the United States and elsewhere against us alleging violations of consumer protection laws and other causes of action in connection with a third-party cyber-attack that exploited a vulnerability in Facebook's code to steal user access tokens and access certain profile information from user accounts on Facebook, and seeking unspecified damages and injunctive relief. The actions filed in the United States were consolidated in the U.S. District Court for the Northern District of California. On November 26, 2019, the district court certified a class for injunctive relief purposes, but denied certification of a class for purposes of pursuing damages. On January 16, 2020, the parties agreed to a settlement in principle to resolve the lawsuit. We believe the remaining lawsuits are without merit, and we are vigorously defending them. In addition, the events surrounding this cyber-attack became the subject of Irish Data Protection Commission (IDPC) and other government inquiries.
From time to time we also notify the IDPC, our designated European privacy regulator under the General Data Protection Regulation, of certain other personal data breaches and privacy issues, and are subject to inquiries and investigations regarding various aspects of our regulatory compliance. Although we are vigorously defending our regulatory compliance, we believe there is a reasonable possibility that the ultimate potential loss related to the inquiries and investigations by the IDPC could be material in the aggregate.
In addition, from time to time, we are subject to litigation and other proceedings involving law enforcement and other regulatory agencies, including in particular in Brazil and Europe, in order to ascertain the precise scope of our legal obligations to comply with the requests of those agencies, including our obligation to disclose user information in particular circumstances. A number of such instances have resulted in the assessment of fines and penalties against us. We believe we have multiple legal grounds to satisfy these requests or prevail against associated fines and penalties, and we intend to vigorously defend such fines and penalties.
With respect to the cases, actions, and inquiries described above, we evaluate the associated developments on a regular basis and accrue a liability when we believe a loss is probable and the amount can be reasonably estimated. In addition, we believe there is a reasonable possibility that we may incur a loss in some of these matters. With respect to the matters described above that do not include an estimate of the amount of loss or range of possible loss, such losses or range of possible losses either cannot be estimated or are not individually material, but we believe there is a reasonable possibility that they may be material in the aggregate.
We are also party to various other legal proceedings, claims, and regulatory, tax or government inquiries and investigations that arise in the ordinary course of business. Additionally, we are required to comply with various legal and regulatory obligations around the world. The requirements for complying with these obligations may be uncertain and subject to interpretation and enforcement by regulatory and other authorities, and any failure to comply with such obligations could eventually lead to asserted legal or regulatory action. With respect to these other matters, asserted and unasserted, we evaluate the associated developments on a regular basis and accrue a liability when we believe a loss is probable and the amount can be reasonably estimated. In addition, we believe there is a reasonable possibility that we may incur a loss in some of these other matters. We believe that the amount of losses or any estimable range of possible losses with respect to these other matters will not, either individually or in the aggregate, have a material adverse effect on our business and condensed consolidated financial statements.
The ultimate outcome of the legal matters described in this section, such as whether the likelihood of loss is remote, reasonably possible, or probable, or if and when the reasonably possible range of loss is estimable, is inherently uncertain. Therefore, if one or more of these matters were resolved against us for amounts in excess of management's estimates of loss, our results of operations and financial condition, including in a particular reporting period in which any such outcome becomes probable and estimable, could be materially adversely affected.
For information regarding income tax contingencies, see Note 12 — Income Taxes.