Member-only story
Regulators Are Figuring Out How to Make Google and Facebook Sweat
Fines go only so far, but something bigger is taking shape
The Wild West era may be drawing to a close for tech corporations like Facebook and Google. New scrutiny from regulators abroad — and some closer to home — is resulting in fines that portend more substantial changes on the horizon. Soon, your data may rest a bit more squarely in your control.
Last month, Google became one of the first U.S. companies to be punished under Europe’s General Data Protection Regulation, a sweeping consumer privacy and data protection law. The French regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), fined Google $57 million for breaching the law’s provisions on user consent. Per CNIL, Google failed to adequately disclose how a person’s information was used to serve advertisements.
The $57 million fine it isn’t much to the tech giant. (It amounts to roughly 0.15 percent of Google parent company Alphabet’s multibillion-dollar revenue in the most recent quarter alone.) But to the regulator, the fine was substantial. It was the largest-ever penalty for data privacy and was inflicted, CNIL said, due to the “severity of the infringements” and “continuous breaches of the regulation.”
No one sees this penalty as a one-off. Instead, it could be the beginning of a bigger change in how European regulators approach the entire online advertising industry, thanks to pressure from activist groups aggressively pursuing some U.S. technology giants.
While CNIL ultimately levied the penalty, the case was brought to it by a pair of privacy advocacy groups: None of Your Business (NYOB) and La Quadrature du Net. Under new European privacy rules, nonprofits like NOYB, which was founded by privacy activist Max Schrems, act as “fire alarms,” said Abraham Newman, a professor at Georgetown who focuses on international relations. More specifically, the groups can bring data privacy cases to regulators on behalf of users.
If NYOB and other activists succeed in getting European regulators to adopt a strict interpretation of the GDPR, they could fundamentally alter how companies like Facebook collect data from users. For example, tech companies could find themselves…
