Big fine to Big Tech? Regulators’ (in)effective privacy breach battle
Silhouettes of mobile users are seen next to a screen projection of the Instagram logo in this picture illustration taken March 28, 2018. (Reuters Photo)

The penalties imposed by authorities on technology giants for violating data privacy rules seem to prove far from effective – a challenge that should be weighed on more effectively by regulators for the ecosystem to grow



The data-oriented economy has, over the recent years, gone through a fundamental change – a process that gained an unprecedented pace in the world and in Türkiye during the coronavirus pandemic.

Fines imposed by the regulatory authorities that have stepped up efforts, including expanding audits of data companies that have turned into monopolies, seem insufficient thus far in the face of the ever-growing economy.

Turkish authorities, from the Competition Authority (RK), Personal Data Protection Authority (KVKK), Information Technologies and Communication Authority (BTK), Banking Regulation and Supervision Agency (BDDK) to Energy Market Regulatory Authority (EPDK), have to act not only through penalties but be more rational to help grow the enterprise ecosystem,

Ultimately, creating a fair ecosystem that grows is the common goal of all parties.

Penalties

Irish regulators this week announced it was slapping Instagram with a big fine after an investigation found the social media platform mishandled teenagers’ personal information in violation of strict European Union data privacy law, known as the General Data Protection Regulation (GDPR).

Ireland’s Data Protection Commission (DPC) said it made a final decision to fine the company 405 million euros ($402 million), with full details still to be released.

Instagram parent Meta, which also owns Facebook, said that while it had "engaged fully" with regulators throughout the investigation, "we disagree with how this fine was calculated and intend to appeal it."

Courtesy of Statista

Even though it might seem like a considerable sum, it’s not the most significant amount of money a company had to pay in the history of the GDPR, according to the Germany-based statistics portal, Statista.

The GDPR gives data regulators the power to impose stiff fines for breaches.

In other words, considering the power and income, it is small on the scale of the European Union. In Türkiye, penalties are insufficient due to the effect of inflation.

Amazon, WhatsApp, Google

The fine imposed on Instagram is the second-biggest issued under the EU’s stringent privacy rules after Luxembourg’s regulators fined Amazon 746 million euros last year. The Luxembourg National Commission for Data Protection claimed that Amazon’s processing of personal data did not comply with the EU general data protection regulation.

Amazon is followed by WhatsApp – also owned by Meta – which was slapped with a then-record 225 million euros fine last year by Ireland’s privacy watchdog. The penalty came after an investigation found the messaging app breached stringent EU data protection rules on transparency about sharing people’s data with other Facebook companies.

On the list of highest fines, WhatsApp is followed by three counts of Google for also violating the GDPR, Facebook and Swedish fashion company H&M, according to a chart by Statista.

Even retailers have begun to show themselves in terms of penalties. Almost every institution seems to have taken steps by risking data breaches during the pandemic.

GDPR is designed to protect the privacy rights of EU individuals but applies to all companies processing or controlling the personal information of EU residents, regardless of where those firms are located. The regulation was adopted in April 2016 and took effect in May 2018.