In the last few days, multiple fines related to privacy have been announced. More specifically:
- British Airways €203M/£183M/$230M (CNN, The Verge)
- Marriott €109M/£99M/$124M (CNN, The Guardian)
- Facebook ca€4.5B/ca£4B/ca$5B (The Telegraph, NYT)
Even if I talk about them “collectively”, I would like to point out that the third one is very different in nature, in nature and in the jurisdiction, and therefore in the amount of the fine from the first two, which are fairly similar among them.
We need to remember that:
- the British Airways one is the highest GDPR fine at the time
- the Facebook settlement is about the highest fine for the FTC at the time
Even though the Facebook settlement could have been a little bit too soft (Market Insider), those are very important numbers.
I think those fines are going to be a trendsetter. The GDPR was created in 2015 and has been enforced since 2018, but not many big fines have been awarded so far (Wikipedia). Those are the first 2 GDPR fines to cross the €100M mark (the highest one before those two was inflicted to Google on the 21/01/2019 and it was €50M). In my opinion, we will see more similar fines in the future.
I think this is very positive because up to now, everyone was saying that users’ privacy was important, but it did not have an economic value. Those kinds of fines are a good way to put an economic value on the security of user data. Another interesting aspect is that with fines, the value is not assigned to the user data, but their protection. This means that the various bodies are not saying that the data have a value, which would create companies that are evaluated on the amount of user data they own, even more than what already happens. Basically, those sentences are affirming that users’ personal data are as much a liability as an asset, if not more.
Hopefully, if more and more fines will arrive around the (lack of) security of user data, more and more companies will start to address more seriously this matter, and we will end up in a far safer world.