Today is Friday 13th; so timely to consider the news stories this week saying that Google will soon be fronting up to the Federal Trade Commission (FTC) in the US to the tune of $22.5m fine (£14.5m). This is for allegedly bypassing privacy settings of users on the Safari web browser. The Wall Street Journal says that Google and the FTC may soon agree a settlement over the alleged breach which is reported to have involved Google having “worked around” user’s privacy settings designed to restrict cookies. What makes this so interesting is that if confirmed, this would be the largest fine ever imposed by the FTC.
That’s the largest fine every imposed by the FTC – one of the most active regulators in the US – for a privacy breach. And one viewed by the tech industry as a fairly obscure breach at that.
Surprising as it is to see fines for data privacy breaches at this level, this has been a trend a while in the making. As more and more data is placed in the hands of the digital giants, consumers have been becoming increasingly attentive to what these organisations are doing with this data. And increasingly sensitive to the risks where this data is misused.
Regulators on both sides of the Atlantic have reacted to these consumer concerns. The FTC and Federal Communications Commission (FCC) have been busy. The ICO in the UK has imposed a fine of £325,000; the largest yet from the ICO.
It has been interesting to see ICO fines coming thick and fast in the last six weeks, the ICO has issued five monetary penalties in just the last month and a half (violators including St George’s NHS Trust, Brighton and Sussex Hospitals NHS Trust, Belfast Health and Social Care Trust, Telford & Wrekin Council and Welcome Financial Services Limited). That is more than it issued in the entire first year of its right to issue monetary penalties.
It looks like this trend is set to continue until businesses get data privacy right. And just imagine what it would be like if that 2% of annual worldwide turnover penalty sitting in the draft EU Data Protection Regulation sees the light of day.