The EU vs. Tech Darlings - April 10, 2018
It seems like just yesterday, with tech stocks on a permanent tear, the market was falling all over themselves to come up with ever cuter acronyms, FAANG, FANG, FANGMAN, etc.. for these equity market darlings. However, the storm clouds are now casting shadows over these same names, whether in the form of angry Trump Tweets or the Cambridge Analytica debacle. Even today, with Mark Zuckerberg appearing in a dog and pony show before Congress (and not under oath we might add), the US may finally be realizing how deep the data collection rabbit hole goes. With Senators clamoring for consumer protections and control, what are the options for reining in big tech? Legislators may be wise to turn their eyes to across the Pond, where the EU has been battling these bogeys for quite some time, as highlighted in this Vox article.
As far back as 1995, the European Parliament has been concerned with protections on personal data and passed “DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data”.
Indeed, the legislation has already shown its significance in the form of a Spanish court ruling in 2014 that Google must allow people to have their data “forgotten”.
As the data subject may... request that the information in question no longer be made available to the general public on account of its inclusion in such a list of results, those rights override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in having access to that information upon a search relating to the data subject’s name. [emphasis our own].
An unpleasant development, this ruling was built upon earlier this year, when a German court ruled that Facebook’s default privacy settings broke the law, as highlighted in this article from the Guardian. In addition to discussing the numerous ways that Facebook was breaking German laws, the Guardian article hints at the looming enforcement of the General Data Protection Regulation or GDPR.
Passed in 2016, the GDPR is the successor to the 1995 regulation and takes things up a notch. Not only did it clarify a number of issues relating to consumers and companies, but also the penalties for noncompliance, as highlighted in this article from tech-focused CNET. This legislation, which takes effect on May 25, could be a wildcard. In addition, to containing strict rules about consent and consumer notification in relation to data breaches, it also ups the punitive ante. From here on out, organizations could face fines as high as 4% of annual global revenue, which in the case of Facebook and based off projectd 2018 revenues could be a not-insignificant $2billion. Some potential good news for Facebook is it appears that the regulation won’t be applied retroactively. However, should the US follow suit Facebook and other companies who rely on collecting and selling personal data could be in a bind. As the CNET article concludes:
[T]he EU has set a new standard with its expansive definition of personal data, requirement for rapid, comprehensive notification and higher financial penalties.