Will Data Enforcement Begin to Protect User Privacy?
Ryan Rakover, February 25, 2021
Ryan Rakover, February 25, 2021
In this era of data awareness, the user is met with repeated requests for consent. There is no consistency in the data laws between different countries, and the way in which consent and user rights are presented. Only one thing seems to unify all these different laws is enforcement which aims to protect users’ rights and the data exchange. However, how that data enforcement is carried out is still in the early stages across the globe.
Since GDPR’s launch in 2018, there have been over 281,000 GDPR breach notifications in the EU. Germany and the Netherlands have had more notifications than other member states, while the largest fines have been handed out in France and Italy. The highest total number of fines have been in Italy, with the country enforcing a current total of over 57.2 million euro in GDPR related fines.
During the first few years of enforcement we have seen high penalties given to some of the largest companies of Adtech.
However, it remains to be seen how the power and effectiveness of these new data awareness requirements will be upheld and users’ data protected. The high penalties that crowd the headlines only account for a small percentage of the income of those companies.
Data Protection Authorities (DPAs) across the European Union (EU) are the lawful arm for GDPR enforcement. Enforcement will have a big impact on the effectiveness of any privacy regulation. In the EU, each member state has its own interpretation of notifications and monitoring, creating convoluted paths for both publishers and users. The Interactive Advertising Bureau (IAB) continues to introduce standards that help to inform and unify the ecosystem. The EU is currently working on creating unified data laws to help increase protections and transparency. How the EU member states define privacy and enforcement will be a sign and direction for the rest of the world in the months and years to come.
Now separated from the EU, how will the UK-GDPR follow up with enforcement? The ICO in the UK is one level of enforcement, and then depending on where the notification is coming from – which EU member state, for example – there could be an additional level of enforcement mandated.
This could lead to a dispute or data request having to be answered by both “courts” resulting in greater regulation(s) as well as additional confusion. The need to create multiple exceptions for rules could leave data and user rights not correctly defended due to the potential complications of border crossing and chasing the data leak. The EU recently published a draft for the UK Adequacy Decision for data that flows between the European Union (EU) and the United Kingdom (UK). Time will tell if this or other measures will be successful.
The quest for clarity deepens as we look outside the EU. The United States is long overdue for a federal data protection and user rights laws. States continue to forge ahead, learning from California who recently updated their data rights from the CCPA to the CPRA that has now an actionable enforcement team. Washington State (US) has held up their data rights to ensure that an enforcement body is attached. The state of Virginia is working on the Consumer Data Protection Act (CDPA). This state’s law has drawn a lot of attention for its similarities to the GDPR. This patch work approach will elongate the journey to data laws that require enforcement.
Over time, data protection, awareness and enforcement will meet a point of unification for the best working behaviors to share and maximize the total value for data throughout the Internet. Along the way, how the ecosystem values the user’s rights and the publisher’s responsibilities will largely be defined again and again by enforcement. What rights will we fight for and protect? The tug of war continues as the value exchange progresses and it will be fascinating to see how this plays out.
Ryan Rakover is the head of our Trust and Safety efforts at Total Media. One of the things Ryan enjoys the most in his role as a Publisher’s strategic partner is the challenge of bringing policy from a place of rules and standards to delivering solutions to clients to improve their client’s bottom line. Find Ryan on LinkedIn or reach him by email at ryan(at)totalmediasolutions(dot)com.