JULY 2021 IN

A Warning Shot on Data Privacy

The large corporations taking a wait-and-see approach about the privacy of consumer data may now be rethinking that approach after two recent law enforcement actions. Amazon was fined €746 million in Europe after incorrectly using confidential data for ad-targeting. MasterCard was blocked from processing transactions that originated in India after it deleted required information on data retention from an audit report.

It is understandable that corporations might want to break data privacy laws and see how it goes. The costs of complying can be millions of dollars, and the crimes might be overlooked. Large businesses have come to count on a lenient approach from regulators, in which a token fine is accompanied by plenty of time for the business to redo its practices.

That would be a costly mistake if fine is greater than the profit a business made from the invasion of privacy, as in Amazon’s case, or if your business is shut down until you comply with the law, as in MasterCard’s case. In general, no lawyer in any milieu would advise a client to break the law and see what happens, but businesses have come to rely on that approach as a core strategy.

While there can be confusion about some of the details of data privacy, the core intention of the law is not the slightest bit hard to understand. For example, a business must know where consumer data is stored and must have a process in place to delete the data when that becomes necessary. Historically, business data has never been under such tight control, and businesses have chafed at the costs of fully understanding their data operations.

But now, with governments taking violations more seriously, the cost of ignoring the requirements of the law may be higher than the costs of following the law.

Fish Nation Information Station | Rick Aster’s World | Rick Aster