The 5 most remarkable privacy moments of the last year Bookmark has been added
The 5 most remarkable privacy moments of the last year
Let’s celebrate the GDPR’s first birthday!
This week we celebrate the GDPR’s first birthday! It is nearly impossible to have missed the day that the GDPR came into effect. Not only Europe, but the whole world was hysterical about the 25th of May 2018. With a major impact on the personal data processing activities of many organizations, the enforcement of the GDPR resulted in an interesting year for privacy worldwide. Therefore, we thought today would be a good day to reflect on the five most remarkable privacy moments of the last year.
By Iris Bosma | May 24, 2019
- Exploding inboxes
- The most expensive hack
- Cambridge Analytica raid by the English DPA
- The first serious European fine
- Mark vs the Senate
The most expensive hack
In the last year Uber received fines from the Netherlands, France, the UK and the United states for a single security hack that took place in 2016. During the hack, which was not reported by Uber, unauthorized persons acquired access to the personal data of 57 million Uber-users, customers and drivers, worldwide. The English DPA imposed a fine of £385.000 for Uber’s failure to protect customers’ personal information during the cyber-attack. In addition, the Dutch DPA imposed a fine of €600.000 and the French DPA followed suit with a fine of €400.000 for not reporting the hack to the any authorities. The abovementioned European fines may be considered low in comparison to the 148 million dollar settlement between Uber and the District of Columbia in the United States for this hack.
Cambridge Analytica raid by the English DPA
On a Friday night at the end of March last year, eighteen enforcement officers of the English Data Protection Authority entered the Cambridge Analytica headquarters in London. The controversial political consulting company allegedly misused the personal information of over 50 million Facebook users for tailor-made political campaigns that supported Donald Trump and Brexit. By raiding the company’s headquarters, the English DPA played a central role in the investigation of Cambridge Analytica’s use of personal data collected from Facebook.
The first serious European fine
On the 21st of January 2019 the French DPA imposed a financial penalty of 50 million euros on Google in accordance with the GDPR for a lack of transparency, inadequate information and a lack of valid consent regarding personalized advertisement. According to the French DPA, users are not able to fully understand the extent of the processing operations carried out by Google. Although this 50 million euro fine imposed on Google is the biggest fine imposed within the European Union for the violation of privacy legislation so far, the amount is extremely small compared to the maximum allowed by the GDPR for this type of offense by Google. The GDPR allows a maximum of four percent of Google’s annual turnover, which would easily run into billions (simple calculation: $136,22 billion * 0,04 = max $5,45 billion).
Mark vs the Senate
Besides remembering 2018 as the year in which the GDPR came into effect, last year will probably also be remembered as the year in which Mark Zuckerberg was questioned for almost ten hours by senators and representatives for the company’s privacy policies and its role in the Cambridge Analytica scandal. The world was closely watching and - although everyone expected Mark to get questioned roughly on Facebook’s responsibility – most senators’ understanding of the possibilities of present-day technology did not meet the public’s expectations. Interestingly, Facebook recently revealed its quarterly figures, which showed that the company set aside $3 billion for an expected fine from the Federal Trade Commission over privacy violations. A fine this high would undoubtedly have an enormous impact – even on a company the size of Facebook. Even more interesting is that it looks like one of the biggest data companies in the world is in a process of changing its overall strategy due to the changing public opinion on privacy.
All together it has been an amazing year for privacy all over the world. At Deloitte we are constantly conducting research towards the GDPR and privacy in general to stay up-to-date in this everchanging field. If you want to read more about our blogs and research, please visit Deloitte’s privacy page, or sign up for our privacy e-mail alert.
Privacy email alert
Receive the latest Privacy insights.Sign-up
Feel free to contact Annika Sponselee or Nicole Vreeman via their contact details below.