3 Reasons Your Company Should Prioritize Data-Privacy Compliance and Safety Issues
Regulators are clamping down on data privacy and safety violations, so businesses need to pay an extra measure of attention to them.
Opinions expressed by Entrepreneur contributors are their own.
Recently Facebook, Instagram, WhatsApp, Messenger and Oculus went offline simultaneously for six hours, and for the entirety of those 360 minutes, it seemed we were experiencing an apocalypse of sorts. A corollary of the outage was that our manifest reliance on the Internet and social media had become an increasing cause for concern on the part of government regulators.
Giant tech companies like Facebook and Google have, of course, amassed unparalleled private and public sector importance and influence, primarily because of how much data they are privy to, and this has brought these tech giants closer to governmental regulatory crosshairs. As Internet reliance continues to grow, the FCC and other federal agencies are beginning to pay more attention to such matters as data security in businesses of all sizes. Now more than ever, it is essential for every company to become aware of data compliance requirements and to pay attention to how the evolving laws or data breaches may affect its operations. Whether as a product of data breaches or violating compliance rules, fines and penalties are growing harsher and more numerous, and it is getting easier to file a lawsuit in order to pursue them.
1. The GDPR is making its presence felt
Recently, European regulators have been enforcing the General Data Protection Regulation (GDPR) with greater vigor, and fining those who violate its rules. These regulations apply regardless of where websites are based, so American companies dealing in the European Internet space also need to be careful. Some GDPR penalties have been hefty enough to make global headlines. For example, in 2020, H&M was fined €35 million for tracking its employees and building detailed profiles about them. In the same year, Google had to pay $57 million for incorrectly providing information about consent policies and user data processing. These pale in comparison to Amazon's gigantic €746 million fine in 2021 for how it collects cookies and shares personal data. Such cases have been part of a generally rising trend of fines since the GDPR framework was created in 2016. The number of cases has also risen; between July 2019 and July 2020, there were 332 such fines, but over the subsequent 12 months — until mid-2021 — that number rose 113.5% to 709 cases, according to Finbold.
Any business with an online presence in Europe needs to be fully aware of these rules, and any infringements, reads parts of the GDPR text, "could result in a fine of up to €20 million, or 4% of the firm's worldwide annual revenue from the preceding financial year, whichever amount is higher".
2. Similar regulations are being enacted around the world
The GDPR may be the best known, but compliance regulations are actually being implemented globally. America is enacting several laws that differ from those in the EU, and also vary from state to state. For example, California, the wealthiest state by GDP and the home of Silicon Valley, has enacted the California Online Privacy Protection Act (CalOPPA), which requires in part that companies disclose how they respond to things like "do not track" commands.
Other data protection frameworks similar to that of GDPR have been made instituted across the globe. Many have regional differences or have evolved from previous regulations, however, the core tenets are essentially the same. Recent examples have been seen in South Africa, Canada, India and Australia. Toward the end of 2021, China's Personal Information Protection Law (PIPL) is also set to become law.
3. Legal tech is making it easier to file lawsuits
With all these new rules applying across borders, risks of non-compliance are high, but it can be challenging to keep track of them all. Extreme vigilance is needed. Apart from complying with data privacy regulations, one of the biggest challenges is keeping collected data safe. When personal information is lost or leaked, under GDPR, consumers have a claim for reimbursement. For example, Facebook, Mastercard and LinkedIn have had data leaks in the past and are now facing such claims.
As a result, the legal tech sector is growing rapidly in popularity, making it faster and easier for consumers to bring cases against corporations. The sector is in such demand that legal tech companies, backed by venture capital funds, are able to provide instant compensation to plaintiffs at a push of a button, and often file claims at their own risk. In 2019, legal tech made $17.32 billion worldwide and is predicted to rise to over $25 billion by 2025, according to Statista, and its cases increasingly involve companies that misuse personal data. For example, Facebook is being sued in Europe for a breach in 2019 of 533 million accounts by fintech companies like the European legal tech group RightNow, which has already initiated millions of Euros in claims against Facebook.
To avoid potential lawsuits, businesses must know their rights and the privacy regulations under which they operate. If they don't, they are likely to find themselves next in the legal crosshairs.