Will Regulators Catch Up on Privacy Protections?
For many companies, a $550 million settlement in a class action lawsuit would strike a crippling blow. Facebook isn’t one of them. The social networking giant revealed in a 10-K filing last month that it agreed to pay more than a half a billion dollars to end a protracted legal battle stemming from its use of facial recognition technology.
It appears to be the largest settlement in history related to a privacy issue. Yet, given Facebook’s market cap of nearly $600 billion, cutting that check shouldn’t pose a problem for chairman Mark Zuckerberg.
Such is the dilemma for civil libertarians who fear Big Tech’s ongoing creep into our private lives. What looks on its face like a historic litigation triumph has dubious deterrent effect on mammoth companies such as Facebook, Google and Amazon. Even smaller outfits like Clearview AI – which is in the news for providing law enforcement agencies with facial recognition technology to aid in policing – arguably find it better to seek forgiveness later than to ask permission first.
Ironically or not, privacy advocates’ best hope for putting guardrails around facial recognition may be further government intervention. A handful of states have enacted bans on the technology. They include Illinois, where the lawsuit against Facebook was filed based on the state’s Biometric Information Privacy Act. Meanwhile, a bipartisan federal bill to curtail the use of facial recognition technology is currently floating around in the legislative morass of Capitol Hill.
If federal lawmakers do decide to get serious about updating privacy laws to match changes in technology, they may want to follow Europe’s lead. The General Data Protection Regulation, better known as the GDPR, went into effect across the European Union in 2018. It established new rules dictating how companies could use consumers’ data in the EU and granted individuals more control over their information.
So far, the EU’s privacy laws have garnered widespread acclaim, with other countries looking to enact GDPR copies of their own. GDPR’s legion of fans even include high-profile tech industry executives like Zuckerberg and Apple CEO Tim Cook. (Big Tech critics may view that as a strike against a GDPR-like solution for the U.S.)
After being in place for nearly two years, GDPR appears to be catching up with the private sector. For example, it came to light earlier this month that EU authorities are investigating potential violations at Google involving user location data. Overall, one analysis found that data privacy violations have resulted in 190 fines against companies operating in Europe since the law took effect. Importantly, companies are preparing for regulators to step up enforcement activities in the near future.
Is GDPR foolproof? Of course not. It may be the template that lawmakers use in the U.S., however. And it may even be more effective than headline-grabbing settlement figures.
New Disclosure Rules Prove Timely Amid Crippling Cyber Attacks
Here’s a case of what may be fortunate timing for both investors and gamblers. The Securities and Exchange Commission’s new cybersecurity disclosure rules went into effect this mon...
Flurry of High-Profile Activity Could Revive Listless IPO Market
The grim market for initial public offerings may be picking up thanks to recent high-profile activity. IPOs have seen wild fluctuations in the last two years as the number of compa...
Court Decisions Further Complicates Crypto Regulation
The Securities and Exchange Commission has suffered yet another loss on a cryptocurrency issue in court, adding more upheaval to the messy process of building a new regulatory regi...