Google’s recent $2.7 billion antitrust fine in Europe had a material impact on its quarterly earnings. The possibility of additional fines facing Google and its rivals raises the stakes in Europe for US internet companies seen to be in violation of European privacy or competition rules.
These are the two fronts that European regulators are addressing: privacy and competition. According to Reuters, regulators have rejected as insufficient recent efforts by Facebook, Google (Google+) and Twitter to bring their user terms into compliance with European regulations:
The European Commission and consumer protection authorities in the bloc wrote to the three companies in June, asking them to improve their proposed changes to user terms by the end of September, according to letters sent to the companies and seen by Reuters on Monday . . .
The concerns centre mainly on procedures the social media companies proposed to set up for the removal of illegal content on their websites, terms limiting their liability and terms allowing them unilaterally to remove content posted by users.
There are a cluster of issues that European regulators are seeking to address on the social sites:
- Removal of “slanderous or threatening online postings quickly”
- More aggressive action against fraudulent consumer content or scams
- More explicit identification of sponsored content
- Eliminating terms that require waivers of EU citizens’ contractual rights
- Ability for consumers to sue in domestic courts rather than being compelled to sue in US courts
In an unrelated privacy related dispute, Facebook was recently fined €150,000 ($166,400) by France’s data protection authority. Facebook has long maintained, however, that it complies with European laws and privacy rules.
The companies reportedly offered potential terms changes in March addressing regulators’ concerns. As Reuters reported (above), these modifications were regarded as insufficient. They must now offer additional concessions or face potential fines.
The General Data Protection Regulation (GDPR) is set to go into effect throughout the EU in May, 2018. Fines and penalties under the new rules are set to increase significantly:
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data, or violating the core of Privacy by Design concepts.
For example, Facebook’s total revenue in 2016 was nearly $28 billion. Accordingly, a serious privacy breach or violation under GDPR could mean more than $1 billion in fines for the company.