Saturday, June 02, 2018

Just Between Us

All your pals are checking in. You got an email from Hotels.com, a nice note from Churchill Living and a similar one from NPR. And there were others from Uber, Marriott and Yelp. In fact, almost anyone with whom you've ever transacted online has likely reached out to you this past week to say, "Not to worry. We'll never tell anyone about you. It's all just between us." 

It's not like they are doing this because they suddenly developed a case of the infected privates. It's because the EU forced their hand. Starting way back in 2012, coincidentally the year the Facebook went public, the parliament of the European Union began work on what would eventually become the General Data Protection Regulation or GDPR. Finally passed in 2016, it gave companies 2 years to get their house in order. And so this past week, on May 25, all companies doing business in the EU territory have to comply with the new regulations. Or else. 

And there most assuredly is an "or else." Unlike so many laws and regulations that contain token penalties that amount to lunch money for the CEO, this one carries some serious bite. If a company is found to be guilty of playing fast and loose with your personal data, they can be fined to "20 million euro or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater." Using Facebook's yearly revenue as an example, that means a penalty of $1.6 billion (that's "billion" with a "B") if found in breach. In fact, on the very first day the regulations went into effect, both Facebook and Google were hit with lawsuits accusing the companies of breaching the regulations and seeking to fine Facebook 3.9 billion euro and Google 3.7 billion euro. So much for a long relaxing Memorial Day weekend. 

The penalties are so onerous that a number of companies quickly blocked access to their sites for EU customers rather than face the possibility of not being in compliance. If you are in France or Luxembourg or Malta, and try to visit the websites of the Los Angeles Times or A&E Networks, you can't get there from there. As the notice on the Chicago Tribune site says, "Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism." Translation: better to bar you than have to pay up because of you. 

Some websites went even further, and shut down completely, turning out the lights rather than update their systems. As posted on the home page of Super Monday Night Combat, a multi-player game operating since 2011, "due to the upcoming European Union General Data Protection Regulation (GDPR) deadline which is May 24th, we are sad to announce that we will be shutting down SMNC on that day." Admittedly over the last 30 days the game averaged just 5 players, but I bet they were disappointed. 

Contrast all this with rules protecting our privacy on these shores. In spite of breeches involving 45 million users at TJ Maxx in 2007 or of 1 billion users at Yahoo in 2012 or 330 million users of Twitter just this year, legislators here have, well, gotten really mad. "I think there is a political dynamic and clearly a policy interest in doing something to stop these breaches, by deterring them and helping people who are harmed by them," said Senator Richard Blumenthal or Connecticut. But while there may be some will, there doesn't appear to be a way, or even the knowledge of how to proceed. Several years ago, the Chairman of the House Subcommittee for Homeland Security Appropriations, John Carter of Texas, started a hearing by saying while it was important, "I don't know anything about this stuff." 

So thank you Kinga Gal from Hungary. Thank you Sergei Stanishev from Bulgaria. Thank you Jan Philipp Albrecht, Barbara Kudrycka and Monika Benova from Germany, Poland and Slovakia respectively. Each is an EU Parliament member who is protecting us from the evils of Google and Amazon and Russian troll farms. Mitch McConnell and Paul Ryan, you could learn a few things.

-END-

Marc Wollin of Bedford promises not to share your comments. His column appears regularly in The Record-Review, The Scarsdale Inquirer and online at http://www.glancingaskance.blogspot.com/, as well as via Facebook, LinkedIn and Twitter.

No comments: