A video sharing app has just been handed a record fine of $5.7 million for knowingly hosting content by users aged under 13. The data was originally hosted by Musical.ly which was acquired by TikTok. The fine was issued by the Federal Trade Commission in the US which has ordered TikTok to delete that data. Bytedance, TikTok’s owner, booked revenue of approximately $7.4 billion last year. The fine works out to be 0.08%.
On 21 January, France fined Google almost $57 million for a violation of the GDPR. The French data privacy regulator CNIL said that Google failed to fully disclose to users how their personal information was being collected and what happens to it. CNIL also said that Google did not properly obtain users’ consent for the purpose of showing them personalised ads. Google’s parent company Alphabet racked up $138.6 billion in revenue last year. I’ve calculated the penalty as 0.04%.
In July 2018, Facebook was fined £500,000 by the ICO for the “very serious contravention” by the social media giant for allowing the misuse of personal data in political advertising by Cambridge Analytica. The Information Commissioner Elizabeth Denham said that if the breach had happened after May 25 of 2018 when GDPR was in full effect, the fine would have be considerably greater. In the last three months of 2018 alone, Facebook clocked up £12.8 billion in revenue. In relative terms, the monetary punishment is 0.004%.
These fines are minute in comparison with the amount of money flowing through these companies. GDPR has upped the ante with fines for data breaches of up to 4% of global turnover or €20 million, whichever is greater. However, I think we are barking up the wrong tree if we are only looking at pecuniary sanctions as deterrents for bad practice.
The GDPR also introduced a duty for companies to appoint a data protection officer. My fear is people in this position could just be made a scapegoat and fired any time there is a data incident, to make it look like there are real repercussions.
Thank you for your input
Thank you for your feedback
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024