It’s hard to believe it’s already been five years since the European Union implemented the General Data Protection Regulation (GDPR), the most far-reaching data privacy protection law at the time. Data suggests that, as the years have passed, consumers have grown to like the law. However, tech companies still have some work to do, as evidenced by Meta’s recent $1.3 billion fine for violating the GDPR.
Before the GDPR went into effect on May 25, 2018, there was no single overarching data privacy law covering Europe. Different countries had different laws, making it difficult for companies to navigate the regulatory landscape. GDPR changed all that by clearly spelling out the requirements that companies (and other organizations) must follow before collecting and using people’s private data.
For starters, companies must gain consent from users to collect and use their data. GDPR required them to store the data securely, and notify people if security is breached. People (that is, European residents) also gained the right to request information on how their data is used from companies. They also gain some power to stop companies from using their data, the so-called (but misnamed) “right to be forgotten” provision.
Under GDPR, companies were required to swiftly respond to requests from people. There were also new restrictions on the movement of data across borders (although inter-European transfers were still allowed). Companies that failed to abide by GDPR rules faced fines equal to up to 4% of their annual revenue.
The law is credited with putting an end to some of the most egregious abuses of big data. Events such as Cambridge Analytica scandal made people skeptical of untamed data collection hoovering. With the Wild West days of big data over (at least in Europe), investments in data governance increased. Instead of making a quick and easy buck exploiting people’s private data, GDPR encouraged companies to demonstrate good data stewardship and thoughtful application of analytics and AI (or more thoughtful, anyway).
The new law quickly became the model for similar data privacy laws in other jurisdictions, including the state of California, where the California Consumer Privacy Act (CCPA) went into effect in January 2020. Other countries and states implemented laws similar to GDPR, although the United States still has not yet enacted a data privacy law at the national level.
After five years under GDPR, things appear to be settling down, and data professionals are figuring out how to navigate around the laws pillars of protection. According to a Piwik PRO survey of 300 marketing executives and decision makers, understanding of GDPR is on the upswing across Europe. The survey found that more than 80% of EU companies find a balance between effective marketing and privacy compliance possible to achieve, a figure almost 20% more than last year.
More than 70% of study participants say they perceive GDPR as being easy to understand, according to the Piwik PRO survey, while nearly 80% say that laws like GDPR are important, up 5% from a year ago. Nearly 60% of companies are using marketing software with servers based in Europe, and about 75% are considering replacing their big tech tools with European alternatives, the survey says.
The data sovereignty aspect of the GDPR recently got Facebook-parent Meta in trouble. On Monday, Meta was fined €1.2 billion ($1.3 billion) by the Irish Data Protection Commission for moving data on European residents to servers based in the US. That is the biggest GDPR fine to date, and comes on top of an $887 million fine assessed to Amazon in Luxembourg and a $267 million fine on Meta’s WhatsApp property, also in Ireland.
The Irish regulator also stated that Meta would no longer be allowed to shared data on Europeans with its business customers in the US under provisions of the Privacy Shield framework. EU and US officials are working on a replacement for that data-sharing framework, called the European Data Privacy Framework, but the officials have not yet finalized the deal and it has yet to go into effect.
While GDPR as a whole “changed the world for the better,” the data-sharing provision of GDPR are nearly unworkable, according to privacy expert Aaron Mendes, the CEO and co-founder of PrivacyHawk.
“International companies have had to set up dedicated cloud architecture within Europe, which requires them to have duplicates of their product and maintain two versions to comply,” Mendes says. “While the spirit of this component of GDPR is to protect people’s data from going overseas where it can be used without the oversight of the European Union, it has just turned out not to be a realistic regulation.”
While Meta’s data-sharing activities may have complied with the new framework, Mendes faults the social media giant for failing to abide by the letter of the law.
“In pursuing profit, rather than comply with or leave the EU, they appear to have intentionally violated this regulation. So they deserve what they got. And they can easily afford it,” he says. “Also, it is widely accepted that Meta has been one of the worst violators of consumer privacy in history over the last 20 years. They have a little regard for consumer privacy and typically do the bare minimum required by law or public sentiment.”
While the tech giants get the biggest fines, not all GDPR violators have deep pockets. Many smaller companies, including dentists, restaurants, and beauty salons, have run afoul of the data privacy law. European data regulators may just be warming up, as they issued a record €1.65 billion in fines last year, a 50% increase from 2021, according to a DLA Piper survey.
Related Items:
Reflections on GDPR Turning Three
2018 – GDPR and the Big Data Backlash
March 29, 2024
- Domo Expands Native Integration Capabilities within Snowflake Data Cloud
- OpenPipe Secures $6.7M in Seed Funding to Revolutionize Developer Access to Custom LLMs
March 28, 2024
- Elastic Announces 2023 Elastic Excellence Awards Winners
- Woolpert Acquires Ireland-Based Murphy Geospatial, a Leading European Geospatial Solutions Firm
- WiDS Livermore Conference Attendees Network, Share Research and Absorb Wisdom
- Observe Announces $115M In Series B Financing
- Lightning AI’s New Thunder Compiler Boosts AI Development Efficiency by 40%
- Intel Gaudi 2 Remains Only Benchmarked Alternative to NV H100 for GenAI Performance
- Appen Launches Solution for Enterprises to Customize LLMs
- MineOS Unveils AI Asset Discovery
- Cloudera Survey Reveals 90% of IT Leaders Believe that Unifying the Data Lifecycle on a Single Platform is Critical for Analytics and AI
- Snowflake Enhances Secure, Cross-Cloud Collaboration for High Value Business Outcomes with Snowflake Data Clean Rooms
- Domo Announces Winners of the 2024 Community Ovation Awards
March 27, 2024
- New MLPerf Inference Benchmark Results Highlight the Rapid Growth of Generative AI Models
- Qlik Advances Real-time Data Analytics with Solace PubSub+ Platform Integration
- Samsung Unveils Expanded CXL Memory Module Portfolio at Memcon 2024, Enhancing AI and HPC
- Celestial AI Closes $175M Series C Funding Round Led by US Innovative Technology Fund
- Databricks Launches DBRX: A New Standard for Efficient Open Source Models
- Astronomer Unveils New Capabilities in Astro to Streamline Enterprise Data Orchestration
- DataVisor Introduces Enhanced Anti-Money Laundering Solution to Support Financial Institutions
Most Read Features
Sorry. No data so far.
Most Read News In Brief
Sorry. No data so far.
Most Read This Just In
Sorry. No data so far.
Sponsored Partner Content
-
Supercharge Your Data Lake with Spark 3.3
-
Learn How to Build a Custom Chatbot Using a RAG Workflow in Minutes [Hands-on Demo]
-
Overcome ETL Bottlenecks with Metadata-driven Integration for the AI Era [Free Guide]
-
Gartner® Hype Cycle™ for Analytics and Business Intelligence 2023
-
The Art of Mastering Data Quality for AI and Analytics
Sponsored Whitepapers
Contributors
Featured Events
-
Data Universe
April 10 - April 11New York United States -
Call & Contact Center Expo
April 24 - April 25Las Vegas NV United States -
AI & Big Data Expo North America 2024
June 5 - June 6Santa Clara CA United States -
AI Hardware & Edge AI Summit 2024
September 10 - September 12San Jose CA United States