WASHINGTON, February 5, 2020 – Fines under the European Union’s General Data Protection Regulation follow patterns, some predictable and others less so, according to a presentation by lawyers Dan Cooper and Nicholas Shepherd of Covington and Burling.
The GDPR went into effect summer of 2018, and so far, 190 fines have been levied against European companies for data privacy violations. 150 of those violations occurred this year, with a sizable peak in the fourth quarter.
In fact, about half of the 2019 fines were levied in the last three months of the year. European businesses fear this uptick, but the data from January 2020 seems to be assuaging the fears, Cooper and Shepherd said: So far, only 9 fines have been levied in 2020.
However, the average fine value has been increasing.
Regulators seem to be more drastically punishing companies in larger and wealthier local markets, including France, Germany, and the U.K., which was part of the European Union until January 31, 2020.
Conversely, the greatest number of fines have been levied against companies in Spain and Romania, said Cooper.
Furthermore, the six heftiest fines account for 85 percent of the funds generated from the 190 fines levied in the past year and a half. That means that the data obscure the majority of low-level fines against a diverse spread of countries.
Technology and telecommunications took the prize for the greatest monetary burden for violations at 57 percent; the second greatest offender was transportation at just 12 percent.
Cooper said he was surprised that healthcare and retail, which are in fact huge sectors, only accounted for 6 percent and 7 percent of the monetary burden of fines, respectively.
Still, this data did not account for the two biggest proposed fines in the history of the GDPR: One against British Airways for 200 million Euros and against Marriott for 100 million Euros. These breaches involved the exposure of millions of names, addresses, and credit card numbers. The fines are still pending, meaning that negotiation and settlement between the regulators and the companies may still be taking place.
Cooper and Shepherd also demonstrated how the GDPR takes advantage of powers that go beyond simple fines. They related one example of how regulators forced a Canadian firm to erase mounds of personal data that they had held on to in violation of GDPR principles.
The attorneys also described a ruling where regulators forced a Polish dating app to send 5.7 million emails to clients, apologizing for data leakage. Despite no fine being levied, the total cost required to do this by Polish firm cost more than 8 million Euros, effectively a very major fine.
The lawyers warned participants that regulators will continue to slap progressively larger fines onto companies, especially social media firms, and will become more hawkish as issues such as AdTech, facial recognition, and voter data begins to loom larger in data collection.
Graph of enforcement from the presentation by Covington & Burling.
Lawmakers, FCC Take More Action Against Illegal Robocallers
There are new proposed rules that offer legal protections to those aiding in enforcement efforts against illegal robocalls.
WASHINGTON, April 27, 2022 – Regulators and legislators in Washington continued their efforts to curb unlawful telephony use with proposed rules designed to crack down robocalls.
On Wednesday, Rep. Bob Latta, R-Ohio, introduced the Robocall Trace Back Enhancement Act – an amendment to the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act.
If signed into law, the bill would provide legal immunity for a broad range of entities engaging in private efforts to track, surveil, and report on illegal robocalling scams.
The protected parties include registered consortiums that handle call receiving, sharing, and publishing and all voice service providers and any informants that share covered information.
It would also grant the Federal Communications Commission jurisdiction to take enforcement actions based on the information collected during the aforementioned activities.
FCC measures on cease-and-desist letters
In addition to this legislation, as part of her agenda to combat scam calls, on April 26 FCC Chairwoman Jessica Rosenworcel proposed closing a loophole to the STIR/SHAKEN regime afforded to small telcos.
Most telcos are required to adhere to cease-and-desist orders regarding illegal spam-calls and generally comply with actions taken by the FCC. The loophole in question gave smaller telcos greater latitude in how they chose to respond to FCC requests.
If adopted, the proposed regulation would require small telcos to abide by cease-and-desist orders, participate in robocall mitigation, cooperate with FCC enforcement, and take responsibility for facilitating illegal robocall traffic.
“International robocallers use these gateways to enter our phone networks and defraud American consumers,” Rosenworcel said in a statement, “We won’t allow them to bypass our laws and hide from enforcement.”
The new rule will be voted on at the FCC’s open meeting on May 19.
Federal Privacy Legislation Needed As State Legislation Could Harm Smaller Players, Event Hears
Different state privacy laws stifle competition and places burdens on small companies, experts say.
WASHINGTON, April 25, 2022 – While experts agreed that federal legislators need to take action on comprehensive privacy legislation, they disagreed on the specifics of how such regulation should be enforced.
Though some states have begun to establish their own frameworks for consumer privacy regulation, each framework puts forth different standards that online platforms would have to adhere to. These varied frameworks have raised concerns among many experts who consider a patchwork of legislation to raise the bar of compliance – a bar that could be lowered by federal legislation.
During an R Street panel on Monday, experts from the technology industry weighed in on the matter with their perspectives.
In March, Utah joined California, Colorado, and Virginia and became the fourth state to successfully pass consumer privacy legislation. Several additional states, including Florida, Massachusetts, New York, and Connecticut have experienced mixed success with their bills and have not yet signed anything into law.
Lartease Tiffith, executive vice president for public policy at the Interactive Advertising Bureau, said that the US is an outlier among developed countries. “We are one of the few developed countries that [does not have a federal privacy law],” he said. “I think that in order to reflect the same common values as our colleagues who are in Europe and elsewhere around the world, we need [to make] one.”
Beyond the international perspective, Tiffith also emphasized domestic justifications for federal legislation. “I cannot think of a subject matter that is not more under the purview of Congress than interstate commerce,” he said. “The internet is everywhere – it is not limited by borders. So, we need to have one standard, one set of laws. It should not matter where you live – California, Utah, Virginia, Colorado – you should have the same basic privacy rights as anyone, anywhere.”
Various state legislation harder for smaller companies
Tiffith also explained that a patchwork of regulation would hit smaller businesses the hardest. “If you are a small or medium sized business and you are looking at investing more money into your products and service and delivering and reaching customers – you want to do that rather than spending time on hiring more lawyers to deal with ever complicating regulations.
“We need this for the next set of Amazons and Googles of the world to exists,” he said.
While the panelists were able to agree on the fact that current patchwork of laws is not sustainable, they did not agree on how to enforce a federal framework.
A federal body for consumer data protection
Sara Collins, senior policy counsel for internet advocacy group Public Knowledge, voiced benefits to creating a new data protection authority in the US – a body distinct from the Federal Trade Commission – that would focus expressly on matters related to consumer data protection.
Tiffith pushed back, however, arguing that the FTC already does a good job at handling these issues, and is only held back by what he views as under-resourcing. “If you compare the FTC to other protection authorities, they are very under-resourced,” he said. “So, I think instead of us standing up a whole new data protection authority, I think instead, let’s invest that money in the FTC, give them some rules, some limited rulemaking authority, and let’s give them a lot more staff and a lot more money.
“Let them be the cop on the beat,” he said.
FCC Announces Majority of States Now Signed Onto Robocall Investigation Partnership
The FCC signed on five states this month and seven last month.
WASHINGTON, April 7, 2022 – The Federal Communications Commission said Thursday it has partnered with further five more state attorneys general to combat illegal robocalls.
The agency said Thursday it had signed on Alaska, California, Tennessee, Pennsylvania and Washington state to investigate the robocalls, which can lead to scams. Thursday’s news comes on the heels of a March 28 announcement, when the agency said it signed similar memorandum of understanding with Connecticut, the District of Columbia, Idaho, Kentucky, Minnesota, New Jersey, and Wyoming.
Altogether, the agency, which announced the federal-state partnership effort in February, said it has signed on the majority of the United States.
“It shows that we are united when it comes to fighting robocalls—urban, rural, north, south, east, and west,” said FCC Chairwoman Jessica Rosenworcel. “Today I invite every state and U.S. territory to join this effort and establish information sharing and cooperation structures with the FCC so we can work together to investigate and put an end to spoofing and robocall scam campaigns.”
The agency, which has made fighting illegal robocalls a key mandate, has previously credited states with catching those that allow robocalls.
Earlier this month, the FCC credited the North Carolina Department of Justice in an investigation that identified thinQ Technologies as a “facilitator” of robocalls. The agency, which is working with the Traceback Consortium to identify the culprits, has already sent more than a dozen cease and desist letters to those it has identified in investigations.
- Lack of People Opting Into Emergency Alerts Poses Problems for Natural Disaster Scenarios
- Big Tech Reforms Need Review of Cybersecurity to Ensure Capabilities Will Not Be Diminished, Event Hears
- Former FCC Chair Joins Company Board, Twitter to Pay $150 million in Privacy Case, Telehealth Prescriptions
- Broadband Breakfast on June 1, 2022 — Broadband Mapping and Data
- Supply Chain Transparency Legislation Important for Timely Broadband Bills
- Education Executives Tout Artificial Intelligence Benefits for Classroom Learning
Signup for Broadband Breakfast
Broadband Roundup4 months ago
Microsoft App Store Rules, California Defers on Sprint 3G Phase-Out, Samsung’s New IoT Guy
Broadband Roundup4 months ago
‘Buy American’ Waiver Request, AT&T Cuts Dividend for Builds, Jamestown Municipal Broadband Program
Broadband Roundup4 months ago
More From Emergency Connectivity Fund, Rootmetrics Says AT&T Leads, Applause for House Passing Chips Act
WISP4 months ago
Wireless Internet Service Providers Association CEO Claude Aiken to Step Down in April 2022
Big Tech3 months ago
‘Cartel’ is ‘Most Absurd Term Ever’ for Media Allowed Revenue Share With Tech Platforms: NMA
Broadband Roundup3 months ago
Rosenworcel’s Proposal for 9-1-1, Harris to Talk Broadband, AT&T Joins Ericsson Startup 5G Program
Broadband Roundup2 weeks ago
Google Facing App Store Suit, Shareholder Suit Against Twitter Buy, Fiber Optic Technician Training Nationwide
Blockchain4 months ago
NFTs May Be Central to the Emerging ‘Internet of Value,’ Say Experts at Pulver VON3