Will Regulators Catch Up on Privacy Protections?

For many companies, a $550 million settlement in a class action lawsuit would strike a crippling blow. Facebook isn’t one of them. The social networking giant revealed in a 10-K filing last month that it agreed to pay more than a half a billion dollars to end a protracted legal battle stemming from its use of facial recognition technology.

It appears to be the largest settlement in history related to a privacy issue. Yet, given Facebook’s market cap of nearly $600 billion, cutting that check shouldn’t pose a problem for chairman Mark Zuckerberg.

Such is the dilemma for civil libertarians who fear Big Tech’s ongoing creep into our private lives. What looks on its face like a historic litigation triumph has dubious deterrent effect on mammoth companies such as Facebook, Google and Amazon. Even smaller outfits like Clearview AI – which is in the news for providing law enforcement agencies with facial recognition technology to aid in policing – arguably find it better to seek forgiveness later than to ask permission first.

Ironically or not, privacy advocates’ best hope for putting guardrails around facial recognition may be further government intervention. A handful of states have enacted bans on the technology. They include Illinois, where the lawsuit against Facebook was filed based on the state’s Biometric Information Privacy Act. Meanwhile, a bipartisan federal bill to curtail the use of facial recognition technology is currently floating around in the legislative morass of Capitol Hill.

If federal lawmakers do decide to get serious about updating privacy laws to match changes in technology, they may want to follow Europe’s lead. The General Data Protection Regulation, better known as the GDPR, went into effect across the European Union in 2018. It established new rules dictating how companies could use consumers’ data in the EU and granted individuals more control over their information.

So far, the EU’s privacy laws have garnered widespread acclaim, with other countries looking to enact GDPR copies of their own. GDPR’s legion of fans even include high-profile tech industry executives like Zuckerberg and Apple CEO Tim Cook. (Big Tech critics may view that as a strike against a GDPR-like solution for the U.S.)

After being in place for nearly two years, GDPR appears to be catching up with the private sector. For example, it came to light earlier this month that EU authorities are investigating potential violations at Google involving user location data. Overall, one analysis found that data privacy violations have resulted in 190 fines against companies operating in Europe since the law took effect. Importantly, companies are preparing for regulators to step up enforcement activities in the near future.

Is GDPR foolproof? Of course not. It may be the template that lawmakers use in the U.S., however. And it may even be more effective than headline-grabbing settlement figures.

Latest Articles

Disclosure Leads List of Risks for Companies During Shutdown

When the federal government shuts down, attention typically focuses on disrupted public services and impacts on government employees. For instance, staffing shortages have caused l...

Read More

Activist Investors Making Inroads with Corporate Campaigns

Activist investors didn’t take a summer vacation this year. In fact, they logged their busiest quarter ever. According to data from Barclays, the 61 new activist campaigns launched...

Read More

Narrative Contradictions: An Emerging Corporate Governance Risk

Publicly traded companies generate voluminous amounts of information in public statements required by law. Meanwhile, regulators, investors, and stakeholders scrutinize this inform...

Read More