LONDON (AP) — Facebook CEO Mark Zuckerberg is promising to do a better job protecting user data following reports that a political consultant misused the personal information of millions of the company’s subscribers. The fact is, European regulators are already forcing him to do so.
A similar data breach in the future could make Facebook liable for fines of more than $1.6 billion under the European Union’s new General Data Protection Regulation, which will be enforced from May 25. The rules, approved two years ago, also make it easier for consumers to give and withdraw consent for the use of their data and apply to any company that uses the data of EU residents, no matter where it is based.
The law is the latest attempt by EU regulators to rein in mostly American tech giants who they blame for avoiding tax, stifling competition and encroaching on privacy rights. European analysts say GDPR is the most important change in data privacy regulation in a generation as they try to catch up with all the technological advances since 1995, when the last comprehensive European rules were put in place. The impact is likely to be felt across the Atlantic as well.
“For those of us who hold out no hope that our government will stand up for our rights, we are grateful to Europe,” said Siva Vaidhyanathan, a professor at the University of Virginia who studies technology and intellectual property. “I have great hopes that GDPR will serve as a model for ensuring that citizens have dignity and autonomy in the digital economy. I wish we had the forethought to stand up for the citizen’s rights in 1998 (the start of Google), but I’ll settle for 2018.”
The U.S. has generally taken a light touch approach to regulating internet companies, with concerns about stifling the technology-fed economic boom derailing President Barack Obama’s 2012 proposal for a privacy bill of rights. But Europe has been more aggressive.