GDPR Celebrates Fifth Birthday, Meta Fined $1.3 Billion
It’s hard to believe it’s already been five years since the European Union implemented the General Data Protection Regulation (GDPR), the most far-reaching data privacy protection law at the time. Data suggests that, as the years have passed, consumers have grown to like the law. However, tech companies still have some work to do, as evidenced by Meta’s recent $1.3 billion fine for violating the GDPR.
Before the GDPR went into effect on May 25, 2018, there was no single overarching data privacy law covering Europe. Different countries had different laws, making it difficult for companies to navigate the regulatory landscape. GDPR changed all that by clearly spelling out the requirements that companies (and other organizations) must follow before collecting and using people’s private data.
For starters, companies must gain consent from users to collect and use their data. GDPR required them to store the data securely, and notify people if security is breached. People (that is, European residents) also gained the right to request information on how their data is used from companies. They also gain some power to stop companies from using their data, the so-called (but misnamed) “right to be forgotten” provision.
Under GDPR, companies were required to swiftly respond to requests from people. There were also new restrictions on the movement of data across borders (although inter-European transfers were still allowed). Companies that failed to abide by GDPR rules faced fines equal to up to 4% of their annual revenue.
The law is credited with putting an end to some of the most egregious abuses of big data. Events such as Cambridge Analytica scandal made people skeptical of untamed data collection hoovering. With the Wild West days of big data over (at least in Europe), investments in data governance increased. Instead of making a quick and easy buck exploiting people’s private data, GDPR encouraged companies to demonstrate good data stewardship and thoughtful application of analytics and AI (or more thoughtful, anyway).
The new law quickly became the model for similar data privacy laws in other jurisdictions, including the state of California, where the California Consumer Privacy Act (CCPA) went into effect in January 2020. Other countries and states implemented laws similar to GDPR, although the United States still has not yet enacted a data privacy law at the national level.
After five years under GDPR, things appear to be settling down, and data professionals are figuring out how to navigate around the laws pillars of protection. According to a Piwik PRO survey of 300 marketing executives and decision makers, understanding of GDPR is on the upswing across Europe. The survey found that more than 80% of EU companies find a balance between effective marketing and privacy compliance possible to achieve, a figure almost 20% more than last year.
More than 70% of study participants say they perceive GDPR as being easy to understand, according to the Piwik PRO survey, while nearly 80% say that laws like GDPR are important, up 5% from a year ago. Nearly 60% of companies are using marketing software with servers based in Europe, and about 75% are considering replacing their big tech tools with European alternatives, the survey says.
The data sovereignty aspect of the GDPR recently got Facebook-parent Meta in trouble. On Monday, Meta was fined €1.2 billion ($1.3 billion) by the Irish Data Protection Commission for moving data on European residents to servers based in the US. That is the biggest GDPR fine to date, and comes on top of an $887 million fine assessed to Amazon in Luxembourg and a $267 million fine on Meta’s WhatsApp property, also in Ireland.
The Irish regulator also stated that Meta would no longer be allowed to shared data on Europeans with its business customers in the US under provisions of the Privacy Shield framework. EU and US officials are working on a replacement for that data-sharing framework, called the European Data Privacy Framework, but the officials have not yet finalized the deal and it has yet to go into effect.
While GDPR as a whole “changed the world for the better,” the data-sharing provision of GDPR are nearly unworkable, according to privacy expert Aaron Mendes, the CEO and co-founder of PrivacyHawk.
“International companies have had to set up dedicated cloud architecture within Europe, which requires them to have duplicates of their product and maintain two versions to comply,” Mendes says. “While the spirit of this component of GDPR is to protect people’s data from going overseas where it can be used without the oversight of the European Union, it has just turned out not to be a realistic regulation.”
While Meta’s data-sharing activities may have complied with the new framework, Mendes faults the social media giant for failing to abide by the letter of the law.
“In pursuing profit, rather than comply with or leave the EU, they appear to have intentionally violated this regulation. So they deserve what they got. And they can easily afford it,” he says. “Also, it is widely accepted that Meta has been one of the worst violators of consumer privacy in history over the last 20 years. They have a little regard for consumer privacy and typically do the bare minimum required by law or public sentiment.”
While the tech giants get the biggest fines, not all GDPR violators have deep pockets. Many smaller companies, including dentists, restaurants, and beauty salons, have run afoul of the data privacy law. European data regulators may just be warming up, as they issued a record €1.65 billion in fines last year, a 50% increase from 2021, according to a DLA Piper survey.
Reflections on GDPR Turning Three
2018 – GDPR and the Big Data Backlash
June 2, 2023
- Esri Announces Winners of the 2023 ArcGIS Online Competition
- Accenture Acquires Nextira, Expanding Engineering Capabilities in AI & ML
- ReproCell, HNCDI, and IBM Introduce Pharmacology-AI to Optimize Drug Response Analysis
- BigID Revolutionizes Auto-Classification with Classifier Tuning
June 1, 2023
- Databricks Releases Keynote Lineup and Generation AI Programming for 2023 Data + AI Summit
- New Relic Launches Amazon Security Lake Integration
- Latest Couchbase Capella Release Features New Developer Platform Integrations and Greater Enterprise Features
- Anyscale Launches Aviary: Open Source Infrastructure to Simplify LLM Deployment
- Census Announces GitLink to Bring Software Engineering Best Practices to Data Activation Workflows
- GridGain Releases Conference Schedule for Virtual Apache Ignite Summit 2023
- Automation Anywhere and AWS Bring the Power of Generative AI to Mission Critical Mainstream Enterprise Processes
- Domino Reveals Breakthrough Innovations for Swift and Cost-effective Enterprise AI Deployment
- Acceldata to Illuminate Cloud-Based Management Solutions at Enterprise Data Summit
May 31, 2023
- AWS Announces General Availability of Amazon Security Lake
- Cloudera and Clalit Unite to Enhance Israeli Healthcare with Advanced Data Analytics
- SAS’s Intelligent Decisioning Earns Top Spot in Forrester’s AI Decisioning Platforms Evaluation
- MariaDB Ushers in New Era with Paul O’Brien as CEO, Unveils Ambitious Growth Plan
- Precisely Advances Leading Data Quality Portfolio, Providing Unparalleled Support to Customers on their Journey to Data Integrity
- Lightmatter Raises $154M to Deliver Photonic Products to Customers
- Aporia Partners with Databricks to Empower Organizations to Monitor ML Models in Real Time
Most Read Features
- Tableau Jumps Into Generative AI with Tableau GPT
- Data Mesh Vs. Data Fabric: Understanding the Differences
- Vector Databases Emerge to Fill Critical Role in AI
- Which BI and Analytics Vendors Are Incorporating ChatGPT, and How
- Google Claims Its TPU v4 Outperforms Nvidia A100
- LLMs Are the Dinosaur-Killing Meteor for Old BI, ThoughtSpot CEO Says
- The Semantic Layer Architecture: Where Business Intelligence is Truly Heading
- Open Source Provides Path to Real-Time Stream Processing
- Hallucinations, Plagiarism, and ChatGPT
- Beyond the Moat: Powerful Open-Source AI Models Just There for the Taking
- More Features…
Most Read News In Brief
- Microsoft Unifies Data Management, Analytics, and ML Into ‘Fabric’
- Mathematica Helps Crack Zodiac Killer’s Code
- Nine Things I Learned at Tableau Conference 2023
- Informatica Claims 80% Speedup for Data Management Tasks with LLMs
- Big Data Career Notes: May 2023 Edition
- AI Chatbots: A Hedge Against Inflation?
- IBM Embraces Iceberg, Presto in New Watsonx Data Lakehouse
- We’re Still in the ‘Wild West’ When it Comes to Data Governance, StreamSets Says
- Report: 80% of Global Workers Experience Information Overload
- Databricks Enhances Lakehouse Governance with Okera Acquisition and Immuta Investment
- More News In Brief…
Most Read This Just In
- DataStax and ThirdAI Announce Partnership to Democratize Access to Advanced AI Tech
- Pega Announces Pega GenAI to Infuse Generative AI Capabilities in Pega Infinity ’23
- Sumo Logic Names Joe Kim as President and CEO
- Google Cloud’s Generative AI Revolutionizing Workplace Applications: Major Enterprise Partnerships Announced
- ServiceNow and Hugging Face Release StarCoder LLM for Code Generation
- Red Hat OpenShift AI Accelerates Generative AI Adoption Across the Hybrid Cloud
- MariaDB Unveils Distributed SQL Vision at OpenWorks 2023, Boosting Scalability for MySQL and PostgreSQL Communities
- Francisco Partners Completes Acquisition of Sumo Logic
- Informatica Announces Expanded Industry Focus and Zero Cost Data Pipelines and Transformations with AWS
- Google Cloud Unveils A3 GPU Supercomputer: Next-Gen Power for Advanced AI Models
- More This Just In…
Sponsored Partner Content
Inside the ROI of Informatica iPaaS
Wakefield Survey: Monte Carlo’s 2023 State of Data Quality Survey
Achieving reliable data is a marathon not a sprint—get O’Reillys Data Quality Fundamentals
Get your single source of Snowflake data access truth, for free
40+ financial datasets, pre-integrated in Apperate.
Informatica Ranks as the #1 Data Engineering Vendor
IEEE Conference on Artificial Intelligence 2023June 5 @ 8:00 am - June 6 @ 5:00 pmSanta Clara CA United States
Enterprise Data SummitJune 7
CDAO Insurance 2023June 13 - June 14
ODSC Europe 2023June 14 - June 15London United Kingdom