FTC has a leading role in the pursuit of privacy regulations
by R. Olschewski
The USA is assuming a leading role in the pursuit of regulations on data privacy and is sanctioning violations against the rules on consumer protection in a manner that is much harder than is usually seen on the European front. As such, companies should take heed before they enter the U.S. market with products critical to data protection legislation.
At the beginning of 2012, scientists in the USA published work stating that Google was spying on users of the Apple browser Safari. The accusation was that a protective mechanism in the Safari browser designed by Apple had been bypassed. By making use of so-called tracking cookies, it was apparently possible to spy on the browsing habits of users. This practice had since been discontinued.
Nevertheless, the company is now being required to pay a fine of 22.5 million USD (app. 18.3 million EUR).
The company has now approved a corresponding settlement with the US regulatory authority, the Federal Trade Commission (FTC). This is the highest fine that the FTC has ever imposed. Decisive for the amount of the fine levied was most particularly misinformation that was located on the search engine provider’s service page.
There, customers were falsely informed that they did not need to take any further action to prevent the recording of their activities. As such, the company violated a particular prior agreement it had signed with the FTC in which risks were to be pointed out to customers in a clear and unambiguous manner.
What is particularly interesting is that this charge of spying on data by bypassing the browser’s protection mechanisms has not yet generated any noticeable response from various regulatory authorities in Europe, especially in Germany. It is nonetheless reasonable to fear that these cookies could very well have also affected German users.
Also worth questioning is why comparable agreements between regulatory authorities and global companies with problematic data protection issues are still something of a rarity in Europe.
For Google, even the sum of this fine is still manageable when compared to the approximately 500 million USD it was required to pay on charges of illegal advertising of pharmaceuticals as part of the agreement it signed with the US Department of Justice in 2011.
Initially, the EU Whistleblower Directive was supposed to be effective by December 17, 2021. However, the legislative process failed.Right of Access by the Data Subject
The right of access, enshrined in Art. 15 of the GDPR, gives data subjects the right to obtain from the controller.Subject Access Request Automation
Individuals have the right to access their personal data, commonly referred to as subject access. But can this process be automated?