A couple of recent fines in several million pounds for data privacy breaches reveals the United Kingdom regulators are closely watching for transgressions. The Ministry of Justice served earlier this year with an enforcement notice by the ICO and it may lead to $17.5 million.
Google was slapped a fine of 150 million euros by the French authorities while the Belgian authorities did the same to the Internet Advertising Bureau for 250k euros.
If the first few months of 2022 are to be considered, it can be assumed that a sharp rise in imposed fines could be witnessed by various European regulators.
The fines and activities of the enforcement department have increased lately, but the same of CNIL (Commission Nationale de I'Informatique et des Libertes) cannot be overlooked. The fines are based on ePrivacy Regulations and it includes tracking rules as well as breach of cookie.
It was noticed the website of Google was configured for tracking consent, the declining was difficult and several clicks were required. Businesses practicing the same can face expensive shots. Regulators may now look for higher standards to collect consent.
It is learned the regulators may seek some extra ways to levy fines on the companies. If the CNIL case is considered, the companies managed in bypassing its sibling GDPR. Google bypassed both the US and Irish enforcers.
The GDPR has a one-stop-shop mechanism and this makes the local regulator to investigate and levy fines with respect to privacy breaches.
The New York Times' data governance vice president Robin Berjon said Ireland is a data haven as the regulatory authority protects business houses from the tough norms of French and German regulators.
In the Google fine case, it is found the regulators may use some other tools to take action. It has paved the path of headquartering to mitigate the fine risks.
CNIL said it has taken action based on the norms of its e-privacy law and not the way to follow the GDPR procedures. This means it will act unilaterally and may not seek any consent from its peers.
Meanwhile, the Brexit dimension should not be overlooked in privacy crackdowns in the future. It is to note that ePrivacy and GDPR are enshrined in the local law of the UK and business houses could be subject to direct enforcement. Many are curious to know how the power shift to London would work.
Meanwhile, it is believed tech giants including Google and Facebook may upgrade their consent procedures to better align with the new law.