Share the post "How the EU Privacy laws (GDPR) influence US Tech-Companies in Europe?"
The General Data Protection Regulation (GDPR) whilst a solely European Union regulation has a large impact on companies all over the globe. However, when taking into account GDPR being mostly online services which deal with personal information of citizens or residents of the EU/EEA, the largest market for this information outside the EU is inevitably the United States. The presence of American tech and multinational companies are ever growing. However, this means they have to rapidly adapt to the rules and regulations in different regions. We will observe the American companies and the breaches since the GDPR was introduced in 2018.
Amazon Europe
On July 16, 2022, a €746 million ($888 million) was issued to Amazon Europe by the Luxembourg National Commission for Data. Amazon had failed to comply with the general data processing principles in accordance with the GDPR. This fine is the largest one by far as compared to the previous high of €50 million penalty issued to Google in the EU region. The charge was filed against Amazon by a french privacy group in 2018 for allegedly not seeking consent from consumers in their advertising practices. While the charge was filed in France, The GDPR allows any EU country to lead the investigations. Amazon had selected Luxembourg as the supervising authority, working together with the French Data Protection Authority. Amazon was subsequently found to have failed to comply with the regulations (Bodoni, 2021).
Google, headquartered in California, has been fined €50 million ($57 million) . This action was taken by France’s GDPR enforcement agency, Commission Nationale de l’informatique et des libertés . EU/EEA residents data was illegally utilized and processed for advertising without the required consent. This lax in the whole process has made it harder for users to understand how their data will be used and processed. This also makes consumers vulnerable as they are unaware of the costs of providing their data. The claim was filed by groups, Austria’s None Of Your Business (NOYB) and France’s citizen advocacy group La Quadrature du Net (LQDN). After the fine, Google has since imposed a user consent to their terms and conditions before using their data. These hefty fines towards some of the United States largest companies, show the strength of the GDPR and the serious responsibility that functioning within the EU does in terms of EU/EEA residents’ privacy and security (Rosemain, 2020).
The GDPR has set the foundation for the consumer privacy frameworks worldwide. Government bodies would be more inclined to amend the existing legislations, guidelines. There is currently a growing trend in tougher GDPR rules and fines, other government bodies would also respond to it. Companies and organizations should work together to enforce the rules and re-look at their data privacy efforts. The high penalties imposed implies that there is a clear and transparent process by the data protection authorities. While such large fines do not create a huge impact on the tech giants, they may devastate the smaller companies. The presence of sufficient data privacy practices and resources to help out with compliance measures will certainly help when the companies enter the other markets. It remains a mystery as to whether the GDPR would be implemented in the US or other regions around the world.
Sources: