Most smartphone users don't care much about user privacy. They'll tell you to your face: “I don't care.”
But they do. Perhaps because of rabble-rousing journalists like myself, but more likely out of a sense of duty and general angst.
Maybe a relative has been the victim of identity theft either online or in meatspace. Maybe the advertisements constantly served up in their multiverse of comms platforms hit too close to the bone.
Users may feel that something is amiss but tapping into the advice of privacy advocates is often counterproductive. Visions of wild-eyed geeks insisting that everything run on open-source software — or that smartphones must be powered by Sailfish OS — are off-putting.
In 2022, maybe it seems easy to ignore data privacy. But you'll hear more about it in 2023, partly because governments are now ramping up their efforts to rein in the relentless scraping of citizens' data.
And increasingly, the mantra “we take your privacy very seriously” rings hollow. Let's take a quick spin.
E.U. regulations
The top privacy watchdog is the European Union — possibly because this coalition doesn't host data conglomerates like Meta and Google. The E.U. is also responsible for the GDPR (General Data Protection Regulation), a regulation in E.U. law on data protection and “an important component of E.U. privacy law and human rights law.” “The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.”
The GDPR was adopted in April 2016 and became enforceable beginning May 25, 2018. A website documenting GDPR fines since that time shows a cumulative total of EUR400,000 (USD423,600) as of July 2018, when the first fines were levied. By end-2018, a mere EUR436,388 (USD462,135) had been banked.
The GDPR is no flash-in-the-pan. By end-2019, the total had climbed to EUR72,465,452 (USD76.74 million), and by end-2021, GDPR fines totaled EUR1,548,916,207 (USD1.64 billion).
Last month, “Ireland’s Data Protection Commission hit Meta with a €265 million fine (USD276 million) after an April 2021 data leak exposed the information of more than 533 million users”. “The DPC started the investigation shortly after news of the leak broke and involved an examination into whether Facebook complied with Europe’s General Data Protection Regulation (GDPR) laws.”
The ramping up of GDPR transgression fees attracts the attention of tech firms, who might view smaller fines as the simple cost of doing business. And as many of the transgressing firms are U.S.-based, it stands to reason that privacy rights should also advance Stateside.
California nation
In the patchwork quilt of U.S. federal versus state regulations, California State legislation often sets the tone for the nation. After all, if California were a nation, it would be somewhere around the world's fourth-largest economy, surpassing Germany.
“The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California,” says Wikipedia. “The CCPA became effective on January 1, 2020 [and] in November 2020, California voters passed Proposition 24, also known as the California Privacy Rights Act [CPRA], which amends and expands the CCPA.”
“The CPRA creates additional consumer rights, modifies existing CCPA rights, mandates a new category of consumer personal information with associated rules, and establishes a new privacy enforcement agency,” says Bloomberg Law. “The newer act expands consumer rights regarding how companies collect and use personal information.”
But it's too early for any impact assessments because California's nascent privacy protection laws remain a collective work-in-progress.
Bloomberg Law reports that California's legal eagles currently seek rough guidelines to comply with existing laws and future proscriptions. “'There’s still a lot that our clients are waiting for,' said Cassandra Gaedt-Sheckter, a privacy attorney at Gibson, Dunn & Crutcher LLP. 'But as they’re moving into the new year, I think companies are really just attempting to comply with what they understand at this point'.”
Susan Kohn Ross, who chairs the privacy practice for Mitchell Silberberg & Knupp LLP: “'We don’t know what those final regulations are going to look like. And until we see them, there’s no telling what the changes are that companies might need to undergo'.”
There's also no telling what fines the Golden State seeks to levy on companies that trespass their yet-unwritten rules. And as of yet, no U.S. state has a commissioner quite like Danish politician Margrethe Vestager.
The Commish
Privacy advocates and monolithic tech firms note efforts by Vestager, who has served as Executive Vice President of the European Commission for A Europe Fit for the Digital Age since December 2019. “In her capacity as Commissioner for Competition, Vestager has gained international recognition for investigating, fining, or bringing lawsuits against major multinational companies including Google, Apple Inc, Amazon, Facebook, Qualcomm, and Gazprom,” says Wikipedia.
In a 2019 article, Wired U.K. described her as “the world's most famous regulator.” “Even her enemies admire the bloody-mindedness of Margrethe Vestager, the European commissioner in charge of competition policy,” wrote The Economist in 2017. “Last autumn, not long after she had ordered Apple to pay EUR13 billion (USD13.78 billion) in back taxes to Ireland, to the fury of many in America, she flew across the Atlantic on a charm offensive. The Americans were not charmed; Ms. Vestager was unmoved.”
Vestager's hit list is long and impressive. “In May [2017], she fined Facebook EUR110m (USD116.6m) for misleading E.U. trustbusters about its takeover of WhatsApp,” said The Economist. “In June, a long-running investigation resulted in a EUR2.4 billion (USD2.544 billion) fine on Google for using its search engine to promote its own comparison-shopping service.”
Consider this: for decades, tech firms have been represented to some extent by their CEOs. Steve Jobs, Larry Ellison, Bill Gates — all have been assumed to display a personality or strategy tied to their corporate strategies.
Thus we can view Vestager in a similar light. As privacy rights continue to surge forward in 2023, grabbing headlines and fistfuls of revenue, CDOs must remain aware of shifting privacy policies across the globe.
Stefan Hammond is a contributing editor to CDOTrends. Best practices, the IoT, payment gateways, robotics, and the ongoing battle against cyberpirates pique his interest.
Image credit: iStockphoto/diego_cervo