The new data protection laws are not going anywhere and 2019 is likely to be a year of action in which the new data rights, complaints and enforcement options are tested. We’ve already seen this in France earlier this month when CNIL (the French National Data Protection Commission) fined Google a record 50 million Euros, related to Google’s use of Ads personalisation.
CNIL determined that Google had not been sufficiently clear and transparent with its privacy information and had not obtained the necessary consents. In addition, because CNIL viewed Google’s economic model as being based on ads personalisation they were held to an increased level of accountability. Therefore, the scale of Google’s fine reflected this as well as the size of their operations, and the fact that breaches were ongoing and continuous (rather than one-off errors).
The Information Commissioner’s Office (ICO) – responsible for enforcing data protection requirements in the UK- has been working through a backlog of complaints. However, whilst we anticipate enforcement will increase with “examples” made, the ICO’s general mindset remains one of support and guidance. The intention is not to drive you out of business and you can protect yourself by spending a bit of time on the issue.