Ctrl + N
A top enforcer of Europe’s broad new data privacy rules says there are 18 investigations underway into U.S. technology companies -- and some could conclude as early as this summer.
The Data Protection Commission of Ireland's probes span the services of Facebook, WhatsApp, Twitter, LinkedIn and Apple, according to prepared testimony that its chief Helen Dixon shared with the Senate Commerce Committee for a hearing on consumer privacy yesterday. The watchdog this morning announced the latest probe, which is into Quantcast, a U.S.-based advertising tech veteran.
Europe’s General Data Protection Regulation went into effect almost a year ago, and the outcomes of these investigations will reveal whether the new rules have teeth.
“We have reason to believe then clearly that there are potential infringements of the GDPR arising,” Dixon said at the hearing. “We are significantly advanced in a number of those investigations and intend to bring a decision and an outcome on those investigations.”
The sheer number of probes highlights how the European regulators are increasingly emerging as the de facto top cop of American tech companies -- when there are still divisions in Congress over what a federal privacy law should encompass in the U.S.
Ireland's commission hasn’t yet brought any fines against U.S. tech firms under the new European regulatory regime — but any penalties it pursues could be as much as 4 percent of a company’s annual worldwide revenue.
Ireland is charged with overseeing the enforcement of GDPR when it comes to most technology companies because many have their European headquarters in the country. Dixon testified that Internet platforms are among the top sources of complaints to the commission. Other sectors that receive the most complaints include banking and telecommunications.
As the one-year mark of GDPR looms, the country's role in enforcing the law has come under scrutiny as critics wonder why the commission has not yet brought fines against any companies. Dixon told yesterday's panel it's taking time because the "sanctions are significant" and the commission needs to give companies the opportunity to respond at various steps in the process.
Still, their relative organization is striking since there has been little motion in Washington toward achieving a privacy bill. Lawmakers remain divided over issues including whether individuals should be able to sue companies over perceived privacy violations and how much authority to grant to the Federal Trade Commission to to penalize companies that violate consumers' privacy.
And Democrats want to ensure that a federal bill would not water down or pre-empt strong state privacy laws, such as the one in California slated to take effect next year. During yesterday's panel, Sen. Richard Blumenthal (D-Conn.) said every American's privacy rights should be just as strong as residents of California. The consumer advocates on the panel agreed that law should be viewed as a floor -- not a ceiling -- for any legislation Congress considers.
Still, many in Big Tech say they are on board with some kind of rules -- signaling the pressure the companies are under to show they're taking consumer privacy seriously. Facebook chief executive Mark Zuckerberg, have been calling on the United States to adopt federal privacy legislation similar to the GDPR. The technology industry is warming up to the European regime and even prefers it to a federal law that takes after California's privacy bill, or an outcome where it would need to navigate a patchwork of state rules.
Republicans have also raised concerns that a patchwork of different state privacy laws could be a compliance nightmare for the companies and hinder innovation.
And the U.S. will also face a test for the enforcement of its own existing rules soon. Federal Trade Commission is in negotiations with Facebook over a multi-billion dollar fine that would settle the agency's probe into Facebook's privacy practices. After Wall Street shrugged off Facebook's announcement it was setting aside billions for such a fine last week, many critics said it's time for the U.S. to get tougher and consider stronger remedies when tech giants violate consumers' privacy.
BITS: The rise of foreign money rushing into venture capital funds and startups has transformed Silicon Valley into a “geopolitical minefield,” Recode's Theodore Schleifer reports. Start-ups and venture capitalists are making judgement calls or reacting to crosscurrents that the tech industry didn't have to worry about decades ago.
“It’s the world of geopolitics coming to venture,” Robert Ackerman, a venture capitalist active in cybersecurity, told Theodore. “It’s got a lot more gray than black and white — and we’re all trying to figure that out.”
As China and Saudi Arabia cash bolsters a recent gold rush in Silicon Valley, companies are grappling with how to respond to the murder of Washington Post columnist Jamal Khashoggi or whether Chinese telecommunications company Huawei poses a national security threat.
“But for too long, most people in Silicon Valley have treated foreign cash with a collective shrug, seeing money as money and not truly considering the ethical and regulatory challenges of taking investment from certain foreign countries, Recode interviews with more than 50 venture capitalists, startups, lawyers, and others involved in cross-border investing reveal,” Theodore writes. “Now Silicon Valley is scrambling to assess its own exposure in this new world order.”
NIBBLES: As it negotiates a settlement with Facebook to conclude its privacy probe, the FTC may require the social network to place "privacy-minded" executives at the company's highest levels, Politico's Nancy Scola reports. The steps would be in addition to a multi-billion dollar fine.
The steps could include appointing a federally-approved privacy official and creating an independent privacy oversight board. Also, Mark Zuckerberg could be required to take on the role of "designated compliance officer," which would make him personally accountable for the steps the company takes on privacy.
As Politico notes, the negotiations are ongoing, and the deal terms are subject to change.
"While talk of a multibillion-dollar fine against Facebook has grabbed headlines, the question of structural changes looms as a much more meaningful issue for the company, which has amassed a market value of more than $500 billion through its command of detailed data on 2.4 billion users worldwide," Nancy wrote. "Wall Street has reacted with a collective shrug to reports of the fine given Facebook's financial resources, but mandated changes to the company's business model could have a longer-term impact."
But privacy advocates warned that changes to Facebook's governance structure may not go far enough.
"The additional remedies are not meaningful," Marc Rotenberg, executive director of the Electronic Privacy Information Center, told Politico. "Creating an independent office, or an office within Facebook — which by the way, is not independent — does not establish new privacy obligations, nor does it ensure compliance."
BYTES: Google announced yesterday it would begin allowing users to set a time limit for how long it stores their web brosing history or location data, CNBC's Todd Haselton reports.
Currently users need to manually opt-out of such storage by visiting Google and deciding to delete it or turn it off completely. Now people will be able to tell the company to delete all information older than three months or eighteen months on a rolling basis.
Frederic Lardinois of TechCrunch noted that the change provided people with a "middle ground" at a time when technology companies' privacy offerings are under increased scrutiny.
"It’s no secret that unless you are very careful about what you opt-in to, Google keeps a very detailed record of your location history and a log of the web sites you visit in Chrome and apps you use. There have always been ways to fully opt out of this or to painstakingly delete these records manually," he wrote. "Yet while there are plenty of reasons to opt out, you also miss out on many of Google’s personalization features."
Now users will be able to still reap some of the benefits of personalization, while ensuring Google isn't storing their information for years to come.
-- Tech news from the private sector:
-- Tech news from the public sector:
-- Tech news generating buzz around the Web: