Meta and Google fined. Who’s next in the data scandal saga?

Google Meta

It was only last year that Google got caught red handed over a data handling scandal, rocking the world of Big Tech. Touted by the media as a “historic win for consumers”, Google was charged $391.5m to settle allegations by 40 states in the largest US privacy settlement ever. The fines landed on Google’s doorstep after an investigation found the company had tracked users’ locations after they had opted out, affecting two billion users worldwide across Google’s Android OS, search, and maps services.

Data gathering tools such as this generate more than $200bn in annual ad revenue for Google, a large chunk of profits for its parent company Alphabet (which comes valued at $1.2tn). Not much time has passed since, but last week marked another strike for Big Tech as Meta’s doors became marked with the same red cross of the data handling plague. Following complaints of an “enforced” consent to personal data processing for behavioral advertising and other personalized services, the Irish Data Protection Commission (DPC) ruled last Wednesday that Meta was in breach of GDPR in relation to transparency.

It was stated in the ruling that Meta breached the principle that “users’ personal data must be processed lawfully, fairly and in a transparent manner”,  with “information in relation to the legal basis relied on by Meta Ireland not clearly outlined to users, with insufficient clarity as to what processing operations were being carried out on their personal data, for what purpose(s)”.

After recommendations of the European Data Protection Board (EDPB) and peer regulators in the EU/EEA, also known as Concerned Supervisory Authorities (CSAs), the DPC increased the amount of the administrative fines imposed on Meta Ireland to €210m for Facebook and €180m for Instagram. The company must also get its processing operations into GDPR compliance within three months.

In its responding statement issued, Meta predictably disagreed with the ruling, and said: “We strongly believe our approach respects GDPR, and we’re therefore disappointed by these decisions and intend to appeal both the substance of the rulings and the fines.”

The statement continued: “We want to reassure users and businesses that they can continue to benefit from personalized advertising across the EU through Meta’s platforms”.

As the social media giant offers personalized services, it’s hardly incomprehensible that these will include personalized ads too. Similarly with Google, the company seeks to offer better location-based services through data.

But it’s the problematic nature of these operations, twinned with the sheer volume of profits that the technology firms stand to gain from using consumer data, that make this so questionable. Since the whopping $886.6m fine imposed on by the EU back in 2021 (similarly for improper processing of personal data in violation of GDPR), Big Tech firms should have been aware of the double-edged sword of data handling.

As much as the tech giants may utter cries of a witch hunt, these ongoing cases are a clear sign that governments and regulators are starting to wake up to data misuse. Walking the well-trodden path from consumer to enterprise technology developments, it’s hardly a leap to say that data handling in the commercial sphere should also be crossing its t’s for GDPR purposes, or rather its fingers in the hope that no unhappy employees decide to make similar complaints for data misuse.

The ethics of new data and process mining technology has been a hot topic, examples of employee messaging and email mining being a clear case in point. With businesses in line to gain substantial profits from capitalizing on employee data, the weight of data consent can’t simply be dumped on software end users with little transparency. It could all look very sticky if these complaint cases also start emerging for smaller organizations.

Google and Meta may have had this initial telling-off, complete with a cacophony of wrist-slapping and pocket-money withholding. But these fines are unlikely to be the last for Big Tech as regulations catch up with technology. As it’s arguably looking more like a ‘when’ rather than a ‘who’ scenario, my red dauber is at the ready – is anyone up for a game of Big Tech data-handling bingo?