Five lessons from eye-watering privacy fines

At last — privacy regulators are showing their teeth. Each new week brings headlines about fines handed to a major brand for GDPR breaches. Amazon, Google and Facebook have all been caught out. And the monetary punishments are no small beer; we’re talking multi-million-pound penalties, big enough to make even Big Tech wince.

By Nigel Jones

Co Founder of The Privacy Compliance Hub

September 2022

So what can we learn from recent judgements against those who compromise privacy in pursuit of profit? Here are five key trends we’ve noted:

1) The fightback is global

The backlash against poor privacy practices isn’t constrained to one country or territory alone. Meta, the owner of Facebook and Instagram, has seen its businesses fined in Asia (South Korea), Europe (Ireland and France) and the USA. Another Big Tech giant, Amazon, was hit by a record €746m fine in Luxembourg, having also been fined €35m in neighbouring France for dropping cookies without consent. Recently Clearview AI, which scraped millions of pictures of people’s faces from social media, was fined, punished or investigated in countries including the UK, Australia, Canada, Greece and Italy. Elsewhere, regulators in Germany, Austria and Spain have all issued multi-million-pound fines to privacy offenders. Worldwide organisations with poor privacy practices may well be asking where they’ll be fined next.   

2) Attitudes are changing

Huge regulatory fines have either provoked, or run concurrently with, a vast shift in the way Big Tech approaches privacy. As consumers become more aware that in many cases ‘they are the product’, major technology companies are performing an about-turn; instead of compromising privacy in pursuit of profit, they now emphasise privacy features… in pursuit of profit. At least this shows a willingness to recognise that customers value privacy, and hopefully a desire to continue to improve both ethically and operationally.

3) No-one is immune

You’d think the highly-paid hotshot lawyers employed by Google, WhatsApp, British Airways and H&M could talk themselves out of a tricky run-in with the regulator. Not a bit of it. Two of the most striking aspects of the recent fines are 1) the sheer size of the amounts, and 2) the sheer size of the businesses being fined. Regulators have been willing to hand them out to some of the biggest companies in the world. That’s not to say small-fry businesses are getting away scot-free; the UK’s Information Commissioner’s Office issued 15 fines in the first quarter of 2022 alone, many to SMEs.

4) The pain doesn’t stop with the fine

Nobody likes a major monetary penalty, but perhaps the most damaging consequence of high-profile GDPR and data breaches is the ongoing loss of trust. Customers – and shareholders – are walking away from businesses that compromise the fundamental human right of privacy. And when a data breach or privacy failure is compounded by either a slow response, insincere apology or attempted cover-up, reputational damage increases exponentially. 

5) The only protection is a strong approach to privacy

In an age where hackers are growing in number and sophistication, and human error is a factor in most data breaches, the only way businesses can mitigate the risk of large privacy-related fines is to do the right thing in the first place. That means investing time and money in privacy compliance. Not only is this the ethical approach, it also reduces the risk of breaches, and may well prove a mitigating factor in any fines, if and when your business is caught out. 

If you’re committed to improving privacy, or worried by the prospect of a major data breach, scandal or fine, contact us to discuss your options.
