A French regulator has fined Alphabet’s Google $57m for failing to get appropriate user consent to gather data for targeted advertising purposes. It’s the largest fine yet under Europe’s new General Data Protection Regulation (GDPR), which focuses on protecting internet users’ privacy against increasingly complex and intrusive online surveillance.
Data privacy is something I’ve written about a lot over the years. For many, it seems like a minor issue – who cares if Google knows you’re in the market for a new car? But the bigger implications are frightening. Surely you would care if you knew that Google’s information about your health searches was the reason you didn’t get hired for that exciting new job? Or if Facebook’s information about your friend network is the reason why you’re paying 2% extra on your home loan? And what about when bad actors start to use this information to manipulate your political beliefs or steal your identity?
The politics of data privacy and security are important, and they’re becoming a lot more salient for tech companies since the EU enacted GDPR. Companies now face a meaningful threat to their bottom line – the regulation allows for fines equal to 4% of global turnover (or €20m, whichever is higher). Google’s sizeable fine should send a message to all tech companies and tech investors: take privacy seriously or it will cost you real, serious cash.
