Date
21 October 2018
Under the General Data Protection Regulation, EU regulators have the power to impose fines of up to 4 percent of global revenue or 20 million euros (US$23 million), whichever is higher, for violations. Photo: Reuters
Under the General Data Protection Regulation, EU regulators have the power to impose fines of up to 4 percent of global revenue or 20 million euros (US$23 million), whichever is higher, for violations. Photo: Reuters

First round of fines under new EU privacy law seen by year-end

European regulators are set to exercise their new powers by handing out fines and even temporary bans on companies that breach a new EU privacy law, with the first round of sanctions expected by the end of the year, Reuters reports, citing the bloc’s privacy chief.

The European Union General Data Protection Regulation (GDPR), heralded as the biggest shake-up of data privacy laws in more than two decades, came into force on May 25.

The new rules, designed for the digital age, allow consumers to better control their personal data and give regulators the power to impose fines of up to 4 percent of global revenue or 20 million euros (US$23 million), whichever is higher, for violations.

Enforcers have since then been deluged by complaints about violations and queries for clarification, with France and Italy alone reporting a 53 percent jump in complaints from last year, European Data Protection Supervisor Giovanni Buttarelli said.

“I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum,” Buttarelli told Reuters in an interview.

Data controllers, which could include social networks, search engines and online retailers, collect and process personal data while a data processor only processes the data on behalf of the controllers.

Fines are levied by national privacy regulators in the various EU member states. While Buttarelli does not personally impose fines, he coordinates the work of privacy agencies across the bloc.

Fines could be imposed on any company that operates in Europe, no matter where it is headquartered.

“The fine is relevant for the company and important for the public opinion, for consumer trust. But from an administrative viewpoint, this is just one element of the global enforcement,” Buttarelli said.

Probes ongoing

He said the sanctions will be imposed in many EU countries and will hit many companies and public administrations but declined to provide details because investigations were still ongoing.

Complaints filed against Google, Facebook, Instagram and WhatsApp by Austrian data privacy activist Max Schrems on the same day the GDPR rules were implemented are not expected to be among these cases as they are still at a preliminary stage, he said.

Buttarelli also urged EU countries and lawmakers to bridge their differences on overhauling the e-privacy directive which aims to create a level playing field between telecoms operators and online messaging and email services such as WhatsApp and Microsoft subsidiary Skype.

Hailed by privacy activists but criticized by tech companies and some EU countries as being too restrictive, the e-privacy proposal aims to extend tough telecoms privacy rules to the tech giants.

“E-privacy is simply indispensable. It is essential, it is a missing piece in the jigsaw of data protection and privacy. It would be really a dereliction of duty if the EU cannot update soon before the (European Parliament) elections its rules on confidentiality of communication,” Buttarelli said.

Parliament elections are in May 2019. 

“I think there is a margin of maneuver for sustainable compromise although there are points which cannot be negotiated. For instance the scope of application of e-privacy to over-the-top, beyond the telcos, the tech giants,” he said.

Over-the-top refers to content delivered via the internet. It usually applies to companies like Google and Skype which offer services similar to telcos but are not telcos.

Consumer lobbying group BEUC said EU countries should stop dragging their feet.

“This law would be a much needed upgrade of current rules to safeguard consumers’ privacy when they go on the internet or use mobile apps as well as protect the confidentiality of their online communication,” BEUC spokesman Johannes Kleis said.

Google challenges EU antitrust fine

Meanwhile, Alphabet unit Google on Tuesday challenged a record 4.34-billion euro (US$5 billion) fine imposed by EU antitrust regulators three months ago for using its popular Android mobile operating system to thwart rivals.

“We have now filed our appeal of the EC’s Android decision at the General Court of the EU,” Google said in an email. It had previously said it would take the case to Europe’s second highest court in Luxembourg.

The company referred to arguments put forward by chief executive Sundar Pichai on the day of the EU ruling in July, of which the main one is that Android has created more choice for consumers, not less.

The European Commission in its July decision said Google had abused its market dominance since 2011. Android, used by device makers for free, is found on about 80 percent of the world’s smartphones.

EU competition enforcers had said Google’s illegal practices included forcing manufacturers to pre-install Google Search and its Chrome browser together with its Google Play app store on their Android devices.

The EU antitrust authorities said the company also paid manufacturers to pre-install only Google Search and blocked them from using rival Android systems.

– Contact us at [email protected]

CG

EJI Weekly Newsletter

Please click here to unsubscribe