Tech giant Google has been hit with a record €50 million ($57m) fine from the European Union for breaching new data privacy regulations. According to experts, this case is “just the tip of the iceberg.”
In the wake of several high-profile data breaches and misuse scandals, the EU introduced the General Data Protection Regulation (GDPR) in May 2018. As one of the largest data handlers in the world, it’s not surprising that Google has already found itself in hot water. Although the fine is way below the maximum, it’s being seen as “a warning shot” to the rest of the tech industry.
The full amount companies can be fined under the new law is €20m or 4% of global profit – whichever is more. For the likes of huge corporations like Google, Amazon, and Apple, this represents a figure well into the billions. Although these new laws spell trouble for tech giants, it’s potentially a triumph for citizen’s privacy rights. According to Rona Mascona, a partner at international law firm Forsey & Witney, “after many years of under-enforcement, regulators in the EU are prepared to use GDPR and flex their muscles.”
But will these tough new laws make it across the Atlantic? According to Representative Will Hurd, the chair of Information Technology Subcommittee of the House Committee on Oversight and Government Reform, they’re taking a view. The ex-CIA official said: “We need to be evaluating what our friends across the Atlantic did because it is still coming up in conversations about privacy here in the United States,” the Texas Rep said. “I think a component of the privacy conversation in the 116th Congress is going to be, is GDPR working, and how is that impacting the United States?”
However, at least one state isn’t waiting for the federal government to make its move. Early last year, California announced strict new privacy laws that will come into effect in January 2020. According to the Golden State’s Attorney General Xavier Becerra, the new regs will focus on shifting data protection responsibilities to companies. Becerra likened data protection to having a baby, saying, “I would say to any company that wants to collect data, it is like having a baby. If you drop that baby in the wrong way, you’ve committed a crime.” We were unaware there was a right or wrong way to drop a baby, but we get what he’s trying to say.
So will the precious data babies of America be safer in the future? The jury’s still out on Capitol Hill, but meanwhile, we can hope that Google learns from its mistakes in the battle against spam.