GDPR Fines — What Do You Get Out of It?
The General Data Protection Regulation (GDPR) came into effect in May 2018. With just over half a year in practice, how many fines have been issued, and how did you benefit from them?
If it is your data that was hacked, why are you not seeing any of the money from the fines in your wallet?
1. Major Data Breaches and Fines
As of December 2018, the Information Commissioner's Office (ICO) of the United Kingdom had issued 97 monetary penalties.
There are some quite famous names among those 97: Facebook, Heathrow Airport, Equifax, British Telecom, Yahoo, Royal Mail, Flybe, Honda, eBay and many more that you can check here.
The Facebook-Cambridge Analytica scandal saw the sensitive personal data of 87 million Facebook users improperly shared with a political consultancy. The fine? £500,000, the maximum the ICO could impose under the Data Protection Act 1998, which still applied because the conduct predated the GDPR. For comparison, Facebook's revenue in the previous year was $40.65 billion.
A slap on the wrist for a blue-chip company with that kind of revenue, and for the most infamous data leak of the century (so far).
That is the UK alone. If Facebook were found to have breached the GDPR, it could face a fine of up to $1.6 billion in the EU. That figure is not arbitrary: the GDPR caps fines at 4% of worldwide annual turnover for the preceding year (or €20 million, whichever is higher), and $1.6 billion is roughly 4% of $40.65 billion. Even the maximum penalty, in other words, is less than 4% of Facebook's yearly revenue.
Every EU member state has its own data protection supervisory authority (the ICO is the UK's), tasked with investigating and fining organisations that breach data protection law, the GDPR in Europe. The maximum fine is indexed to the company's previous year's turnover, but does that really motivate companies to adopt good practices and keep your data safe and protected? Well... experience and history tell us NO! Facebook keeps getting involved in data leak scandals, and other big companies have followed: Google, Yahoo, eBay, Quora and many more!
The problem is that fines are not a preventive measure; they are a punishment. As Social Exchange Theory posits, you weigh the possible benefits and risks of an action, and if you perceive the benefits as greater than the risks, you act. It is like telling a teenager: "If you smoke, I will spank you." The teenager will still be attracted to smoking; the price to pay is not that big. If instead you tell the teenager: "If you smoke, you are going to die earlier than your friends," perhaps he will not smoke.
I understand this is not a perfectly accurate comparison. It serves to make the point that, for companies to change their (lack of) data protection practices, they need preventive incentives, not just punishment after the fact.
Another problem is that YOU (users in general) do not fully understand the value of the data you generate. I am not saying you don't understand the value of your name, e-mail, credit card details, NSFW browsing history and other obviously sensitive data. What I am saying is that you perhaps underestimate the insights about you, your family and your daily life that a company can derive from what appears to be fragmented and trivial data (e.g. GPS data).
2. Where Does The Money From The Fines Go?
Now let's imagine (and hope) Facebook gets a $1.6 billion fine from the EU. Facebook claims that only 10% of the 87 million affected users were from the EU.
Time for some quick math:
Users affected: 10% of 87 million = 8.7 million
Fine: $1.6 billion
So: $1.6 billion / 8.7 million users = roughly $184 each
That is how much you could receive.
It is your data that leaked. It is your data that was used without your consent. Should you get money from leaks? YES! Do you? NO!
So where does the money go? It generally does not go to the supervisory authority itself, as that could be seen as a conflict of interest (a regulator that kept the fines would be motivated to fine left and right).
The answer is: it varies by jurisdiction, but it mainly ends up with the treasury of the country issuing the fine. In the UK, for example, ICO penalties are paid into HM Treasury's Consolidated Fund.
What do you get from it? Absolutely nothing!
Perhaps it is time to start thinking about our personal data as a commodity: something we produce that belongs to us. If companies want to use it and leverage it, they would have to pay for it.
What do you think? Does privacy matter to you? What steps do you take to protect your data from third-party access?
Come discuss this with us and our amazing community in our Telegram channel!