Member-only story
Regulators Are Figuring Out How to Make Google and Facebook Sweat
Fines go only so far, but something bigger is taking shape
The Wild West era may be drawing to a close for tech corporations like Facebook and Google. New scrutiny from regulators abroad — and some closer to home — is resulting in fines that portend more substantial changes on the horizon. Soon, your data may rest a bit more squarely in your control.
Last month, Google became one of the first U.S. companies to be punished under Europe’s General Data Protection Regulation, a sweeping consumer privacy and data protection law. The French regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), fined Google $57 million for breaching the law’s provisions on user consent. Per CNIL, Google failed to adequately disclose how a person’s information was used to serve advertisements.
The $57 million fine it isn’t much to the tech giant. (It amounts to roughly 0.15 percent of Google parent company Alphabet’s multibillion-dollar revenue in the most recent quarter alone.) But to the regulator, the fine was substantial. It was the largest-ever penalty for data privacy and was inflicted, CNIL said, due to the “severity of the infringements” and “continuous breaches of the regulation.”
