Only three months short of its first year anniversary on May 28, it’s time to take a look at EU’s GDPR by numbers. Enforced to protect European users from unethical and illegal commercial practices, the internet privacy law has so far led to three major fines for privacy infringement.
Activities such as telemarketing, promotional e-mails and video surveillance received the highest number of complaints. In Germany, a social network operator was fined EUR 20,000 for failing to properly safeguard user data, while a sports café in Austria received a EUR 5,280 fine for illegally surveilling its customers. Yet the largest penalty hit Google. A French regulator fined the technology company EUR 50 million for lack of consent on ads.
Noticing the law’s success in Europe, the US Government Accountability Office (GAO) has joined forces with Apple CEO Tim Cook and a Senate subcommittee to call for a strong digital privacy law in the US, similar to the European model, Engadget writes. The growth of IoT devices is one of the top privacy concerns, together with vehicle data privacy, information resellers and mobile device location data, says a GAO report.
During a conference in Brussels last year, Tim Cook voiced his concern that data is "weaponized against us with military efficiency," thus a tough federal privacy law is imperative moving forward.
"Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies," Cook said. "Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated, or crazy."
The Federal Trade Commission (FTC), the body that has so far been responsible for analyzing Internet privacy cases in the US, does not have enough power, states the GAO report. In 10 years, the FTC has only closed 101 cases, all settlements. A US version of GDPR would give consumers more power over their online information, but would also force businesses and organizations to be more transparent with their data collection and sharing practices.
"Recent developments regarding Internet privacy suggest that this is an appropriate time for Congress to consider comprehensive Internet privacy legislation,” concludes the GAO report. “Comprehensive legislation addressing Internet privacy that establishes specific standards and includes APA notice-and-comment rulemaking and first-time violation civil penalty authorities could help enhance the federal government's ability to protect consumer privacy, provide more certainty in the marketplace as companies innovate and develop new products using consumer data, and provide better assurance to consumers that their privacy will be protected."