Privacy and Security
European Union’s General Data Protection Regulations Are Beginning to Bite Tech and Telecom Companies Globally

WASHINGTON, February 5, 2020 – Fines under the European Union’s General Data Protection Regulation follow patterns, some predictable and others less so, according to a presentation by lawyers Dan Cooper and Nicholas Shepherd of Covington and Burling.
The GDPR went into effect summer of 2018, and so far, 190 fines have been levied against European companies for data privacy violations. 150 of those violations occurred this year, with a sizable peak in the fourth quarter.
In fact, about half of the 2019 fines were levied in the last three months of the year. European businesses fear this uptick, but the data from January 2020 seems to be assuaging the fears, Cooper and Shepherd said: So far, only 9 fines have been levied in 2020.
However, the average fine value has been increasing.
Regulators seem to be more drastically punishing companies in larger and wealthier local markets, including France, Germany, and the U.K., which was part of the European Union until January 31, 2020.
Conversely, the greatest number of fines have been levied against companies in Spain and Romania, said Cooper.
Furthermore, the six heftiest fines account for 85 percent of the funds generated from the 190 fines levied in the past year and a half. That means that the data obscure the majority of low-level fines against a diverse spread of countries.
Technology and telecommunications took the prize for the greatest monetary burden for violations at 57 percent; the second greatest offender was transportation at just 12 percent.
Cooper said he was surprised that healthcare and retail, which are in fact huge sectors, only accounted for 6 percent and 7 percent of the monetary burden of fines, respectively.
Still, this data did not account for the two biggest proposed fines in the history of the GDPR: One against British Airways for 200 million Euros and against Marriott for 100 million Euros. These breaches involved the exposure of millions of names, addresses, and credit card numbers. The fines are still pending, meaning that negotiation and settlement between the regulators and the companies may still be taking place.
Cooper and Shepherd also demonstrated how the GDPR takes advantage of powers that go beyond simple fines. They related one example of how regulators forced a Canadian firm to erase mounds of personal data that they had held on to in violation of GDPR principles.
The attorneys also described a ruling where regulators forced a Polish dating app to send 5.7 million emails to clients, apologizing for data leakage. Despite no fine being levied, the total cost required to do this by Polish firm cost more than 8 million Euros, effectively a very major fine.
The lawyers warned participants that regulators will continue to slap progressively larger fines onto companies, especially social media firms, and will become more hawkish as issues such as AdTech, facial recognition, and voter data begins to loom larger in data collection.
Graph of enforcement from the presentation by Covington & Burling.
Big Tech
Big Tech Companies Talk the Talk on Privacy at CES 2021: Will They Walk the Walk?

WASHINGTON, February 5, 2020 – Fines under the European Union’s General Data Protection Regulation follow patterns, some predictable and others less so, according to a presentation by lawyers Dan Cooper and Nicholas Shepherd of Covington and Burling.
The GDPR went into effect summer of 2018, and so far, 190 fines have been levied against European companies for data privacy violations. 150 of those violations occurred this year, with a sizable peak in the fourth quarter.
In fact, about half of the 2019 fines were levied in the last three months of the year. European businesses fear this uptick, but the data from January 2020 seems to be assuaging the fears, Cooper and Shepherd said: So far, only 9 fines have been levied in 2020.
However, the average fine value has been increasing.
Regulators seem to be more drastically punishing companies in larger and wealthier local markets, including France, Germany, and the U.K., which was part of the European Union until January 31, 2020.
Conversely, the greatest number of fines have been levied against companies in Spain and Romania, said Cooper.
Furthermore, the six heftiest fines account for 85 percent of the funds generated from the 190 fines levied in the past year and a half. That means that the data obscure the majority of low-level fines against a diverse spread of countries.
Technology and telecommunications took the prize for the greatest monetary burden for violations at 57 percent; the second greatest offender was transportation at just 12 percent.
Cooper said he was surprised that healthcare and retail, which are in fact huge sectors, only accounted for 6 percent and 7 percent of the monetary burden of fines, respectively.
Still, this data did not account for the two biggest proposed fines in the history of the GDPR: One against British Airways for 200 million Euros and against Marriott for 100 million Euros. These breaches involved the exposure of millions of names, addresses, and credit card numbers. The fines are still pending, meaning that negotiation and settlement between the regulators and the companies may still be taking place.
Cooper and Shepherd also demonstrated how the GDPR takes advantage of powers that go beyond simple fines. They related one example of how regulators forced a Canadian firm to erase mounds of personal data that they had held on to in violation of GDPR principles.
The attorneys also described a ruling where regulators forced a Polish dating app to send 5.7 million emails to clients, apologizing for data leakage. Despite no fine being levied, the total cost required to do this by Polish firm cost more than 8 million Euros, effectively a very major fine.
The lawyers warned participants that regulators will continue to slap progressively larger fines onto companies, especially social media firms, and will become more hawkish as issues such as AdTech, facial recognition, and voter data begins to loom larger in data collection.
Graph of enforcement from the presentation by Covington & Burling.
Cybersecurity
Encryption Technologies Central to Debate About Online Free Speech, Say CDT-Charles Koch Event Panelists

WASHINGTON, February 5, 2020 – Fines under the European Union’s General Data Protection Regulation follow patterns, some predictable and others less so, according to a presentation by lawyers Dan Cooper and Nicholas Shepherd of Covington and Burling.
The GDPR went into effect summer of 2018, and so far, 190 fines have been levied against European companies for data privacy violations. 150 of those violations occurred this year, with a sizable peak in the fourth quarter.
In fact, about half of the 2019 fines were levied in the last three months of the year. European businesses fear this uptick, but the data from January 2020 seems to be assuaging the fears, Cooper and Shepherd said: So far, only 9 fines have been levied in 2020.
However, the average fine value has been increasing.
Regulators seem to be more drastically punishing companies in larger and wealthier local markets, including France, Germany, and the U.K., which was part of the European Union until January 31, 2020.
Conversely, the greatest number of fines have been levied against companies in Spain and Romania, said Cooper.
Furthermore, the six heftiest fines account for 85 percent of the funds generated from the 190 fines levied in the past year and a half. That means that the data obscure the majority of low-level fines against a diverse spread of countries.
Technology and telecommunications took the prize for the greatest monetary burden for violations at 57 percent; the second greatest offender was transportation at just 12 percent.
Cooper said he was surprised that healthcare and retail, which are in fact huge sectors, only accounted for 6 percent and 7 percent of the monetary burden of fines, respectively.
Still, this data did not account for the two biggest proposed fines in the history of the GDPR: One against British Airways for 200 million Euros and against Marriott for 100 million Euros. These breaches involved the exposure of millions of names, addresses, and credit card numbers. The fines are still pending, meaning that negotiation and settlement between the regulators and the companies may still be taking place.
Cooper and Shepherd also demonstrated how the GDPR takes advantage of powers that go beyond simple fines. They related one example of how regulators forced a Canadian firm to erase mounds of personal data that they had held on to in violation of GDPR principles.
The attorneys also described a ruling where regulators forced a Polish dating app to send 5.7 million emails to clients, apologizing for data leakage. Despite no fine being levied, the total cost required to do this by Polish firm cost more than 8 million Euros, effectively a very major fine.
The lawyers warned participants that regulators will continue to slap progressively larger fines onto companies, especially social media firms, and will become more hawkish as issues such as AdTech, facial recognition, and voter data begins to loom larger in data collection.
Graph of enforcement from the presentation by Covington & Burling.
Cybersecurity
President-Elect Joe Biden Must Reinforce Democracy in a Digital Age, Say Cybersecurity Experts

WASHINGTON, February 5, 2020 – Fines under the European Union’s General Data Protection Regulation follow patterns, some predictable and others less so, according to a presentation by lawyers Dan Cooper and Nicholas Shepherd of Covington and Burling.
The GDPR went into effect summer of 2018, and so far, 190 fines have been levied against European companies for data privacy violations. 150 of those violations occurred this year, with a sizable peak in the fourth quarter.
In fact, about half of the 2019 fines were levied in the last three months of the year. European businesses fear this uptick, but the data from January 2020 seems to be assuaging the fears, Cooper and Shepherd said: So far, only 9 fines have been levied in 2020.
However, the average fine value has been increasing.
Regulators seem to be more drastically punishing companies in larger and wealthier local markets, including France, Germany, and the U.K., which was part of the European Union until January 31, 2020.
Conversely, the greatest number of fines have been levied against companies in Spain and Romania, said Cooper.
Furthermore, the six heftiest fines account for 85 percent of the funds generated from the 190 fines levied in the past year and a half. That means that the data obscure the majority of low-level fines against a diverse spread of countries.
Technology and telecommunications took the prize for the greatest monetary burden for violations at 57 percent; the second greatest offender was transportation at just 12 percent.
Cooper said he was surprised that healthcare and retail, which are in fact huge sectors, only accounted for 6 percent and 7 percent of the monetary burden of fines, respectively.
Still, this data did not account for the two biggest proposed fines in the history of the GDPR: One against British Airways for 200 million Euros and against Marriott for 100 million Euros. These breaches involved the exposure of millions of names, addresses, and credit card numbers. The fines are still pending, meaning that negotiation and settlement between the regulators and the companies may still be taking place.
Cooper and Shepherd also demonstrated how the GDPR takes advantage of powers that go beyond simple fines. They related one example of how regulators forced a Canadian firm to erase mounds of personal data that they had held on to in violation of GDPR principles.
The attorneys also described a ruling where regulators forced a Polish dating app to send 5.7 million emails to clients, apologizing for data leakage. Despite no fine being levied, the total cost required to do this by Polish firm cost more than 8 million Euros, effectively a very major fine.
The lawyers warned participants that regulators will continue to slap progressively larger fines onto companies, especially social media firms, and will become more hawkish as issues such as AdTech, facial recognition, and voter data begins to loom larger in data collection.
Graph of enforcement from the presentation by Covington & Burling.
-
Artificial Intelligence1 month ago
U.S. Special Operations Command Employs AI and Machine Learning to Improve Operations
-
Section 2302 months ago
President Trump’s FCC Nominee Grilled on Section 230 During Senate Confirmation Hearing
-
Broadband Roundup2 months ago
Benton on Middle Mile Open Access Networks, CENIC Fiber Route in California, Investors Buying Bitcoin
-
#broadbandlive3 months ago
Broadband Breakfast Live Online on Wednesday, November 18, 2020 — Case Studies of Transformative 5G Apps in the Enterprise
-
Broadband Roundup1 month ago
Trump Signs Executive Order on Artificial Intelligence, How Not to Wreck the FCC, Broadband Performance in Europe
-
5G2 months ago
5G Stands to Impact Industry Before Consumers, Says Verizon CEO Hans Vestberg
-
#broadbandlive4 months ago
Broadband Breakfast Live Online on Wednesday, September 30, 2020 — Champions of Broadband: Sunne McPeak
-
5G4 months ago
Top Executives From Dell, Dish Networks and T-Mobile Tout Details of Their Companies’ 5G Deployments