Microsoft organise un Tour de France afin de présenter plus en détails la suite Microsoft 365.
J’aurais l’opportunité de présenter la version parisienne en collaboration avec quelques collègues de Microsoft France, qui se déroulera le 11 Avril 2018 chez Microsoft France, à Issy-Les-Moulineaux.
Voici le plan de cette demi-journée :
9:00-9:30 : Accueil & petit-déjeuner
9:30-10:00 : Découverte de la solution Microsoft 365 pour les entreprises et les collectivités
10:00-10:15 : Annonce de l’arrivée des Data Center Office 365 en France
10:15-11:00 : Focus sur la sécurité et GDPR au sein de votre entreprise
11:00-11:30 : Présentation des offres et de l’expertise AZEO
EU regulatory authorities are tightening screws on Big Tech, slapping it with fines and violations. Source: Unsplash
Ireland’s Data Protection Commission (DPC) has fined Meta a total of €390 million ($414 million) in a ruling against Facebook’s and Instagram’s use of targeted advertising. The ruling declared both subsidiaries’ method of furnishing user consent under its updated terms and service a violation of Article 6 of GDPR. The fines levied against Facebook and Instagram amount to €210 million ($225 million) and €180 million ($191 million), respectively.
NOYB, a user privacy protection group, first lodged complaints against Meta’s subsidiaries in May 2018 — immediately after GDPR came into effect. Following this outcome, Meta and its subsidiaries won’t be able to rely on their terms of service as legal cover for obtaining user consent to process their information for personalized ads.
The DPC reversed its initial decision and imposed a much larger fine on Meta. Source: Data Protection
Article 6, under which this recent DPC ruling was made, allows data processing only when an entity complies with one of its six legal premises. In advance of the GDPR implementation in 2018, Meta — then Facebook — changed its terms of services. The company made consent to its processing of user information a precondition for its services.
Arguing its case, representatives of Meta alluded to their terms of service as a legal contract. The “contract” allowed its subsidiaries to process customer data. However, the DPC disagreed and found it in violation of Article 6, and Articles 5 (1)(a), 12, and 13(1)(c) that concern data transparency.
“In breach of its obligations in relation to transparency, information in relation to the legal basis relied on by Meta Ireland was not clearly outlined to users, with the result that users had insufficient clarity as to what processing operations were being carried out on their personal data, for what purpose(s), and by reference to which of the six legal bases identified in Article 6 of the GDPR,” read the DPC statement.
Meta’s Subsidiaries Tried to Bypass GDPR
Meta has lost the battle of forced consent for personalized ads. And it’s losing more and more often. Source: NOYB
According to Schrems: “Instead of having a ‘yes/no’ option for personalized ads, they just moved the consent clause in the terms and conditions. This is not just unfair but clearly illegal. We are not aware of any other company that has tried to ignore the GDPR in such an arrogant way.”
Meta very nearly succeeded in its attempt to bypass GDPR as well. DPC’s original fine was €36 million. But when authorities referred the case to the European Data Protection Board (EDPB), it reversed DPC’s decision that Meta and its subsidiaries could use user information for targeted ad campaigns on a legal contract basis. Consequently, the fine was increased by over 1,000%, from €36 million to €390 million.
Schrems has gone as far as to claim that the DPC colluded with Meta: “This case is about a simple legal question. Meta claims the ‘bypass’ happened with the DPC’s blessing. For years the DPC has dragged out the procedure and insisted that Meta may bypass the GDPR, but was now overruled by the other EU authorities. It is overall the fourth time in a row the Irish DPC got overruled.”
GDPR Affects More than Just Meta
GDPR is affecting businesses, large or small, that fail to comply. Source: Enforcement Tracker
The latest DPC fine puts Meta in a bind. It’ll be unable to operate, in the EU at least, under its current business model. This is especially the case because it’s also struggling to comply with the transatlantic data processing directives. EU authorities are tightening the screws on Big Tech companies. This is in an effort to rein them in and to ensure their compliance with the GDPR.
Apple and Twitter have also recently found themselves in the line of fire. However, fines against Twitter are much less frequent and far lesser than those against Meta. Twitter is currently under a DPC investigation for a breach that could potentially affect 5.4 million users. Apple, meanwhile, has been fined $8 million by the French regulatory authority Commission Nationale de l’informatique et des Libertés (CNIL) for a non-consensual targeted ad campaign toward iOS 14.6 users. The authority leveled the fine under Article 82 of the French Data Protection Act. CNIL previously fined Google for a breach of the same article.
Small and medium-sized businesses are also subject to GDPR provisions, but these cases don’t make major news headlines. The enforcement tracker has a full list of GDPR cases. The tracker includes details such as entity name, fine amount, relevant GDPR provision, jurisdiction, decision date, and official press statement.
To avoid GDPR fines, business owners should tread carefully when processing and using user data. In protecting user information, companies must ensure that their databases are secure. Implementing a combination of cybersecurity protocols, including powerful firewalls, multi-factor authentication, antivirus protection, malware scanners, email spam filters, and automated patch management, can help companies avoid violations.
Implications for Big Tech
For a long time, Big Tech has been operating above the law. This is even though its involvement in feeding deep analytics with user information is an open secret. All this seems to be changing, with the authorities, in Europe especially, calling for stricter GDPR compliance. These stricter user-privacy enforcement measures have led to Meta signaling its withdrawal from the EU. This is because its subsidiaries rely on the processing of user information to remain operational.
Other social media and Big Tech platforms and companies also employ targeted advertising. Big Tech, with its use of sophisticated tracking and surveillance and cross-device, cross-platform monitoring, had eluded accountability for quite some time, with little transparency on how it uses user data.
With GDPR and other directives curtailing Big Tech’s power and enforcing user privacy rights, the playing field is leveling. However, the dream of reclaiming user data and a more sovereign internet still seems distant.
Microsoft organise un Tour de France afin de présenter plus en détails la suite Microsoft 365.
J’aurais l’opportunité de présenter la version parisienne en collaboration avec quelques collègues de Microsoft France, qui se déroulera le 11 Avril 2018 chez Microsoft France, à Issy-Les-Moulineaux.
Voici le plan de cette demi-journée :
9:00-9:30 : Accueil & petit-déjeuner
9:30-10:00 : Découverte de la solution Microsoft 365 pour les entreprises et les collectivités
10:00-10:15 : Annonce de l’arrivée des Data Center Office 365 en France
10:15-11:00 : Focus sur la sécurité et GDPR au sein de votre entreprise
11:00-11:30 : Présentation des offres et de l’expertise AZEO
Connexion
