Compliance Week‘s Joe Mont writes that the revelation of Facebook sharing the data of tens of millions of its users with Cambridge Analytica has finally brought the issue of data privacy home to the general public. He says it will likely affect even more online offerings, as a chorus of critics demand an end to the self-regulation free-for-all that tech companies have thus far enjoyed in the United States.
The FTC is investigating whether the exposure of personal data is a violation of its 2011 consent decree with the company over privacy failings. In a worst-case scenario, assessing a $40,000 fine for each violation of the decree could add up to trillions of dollars in fines.
Facebook CEO Mark Zuckerberg has been talking about simplifying and improving customer privacy settings, allowing more control over what data is, or isn’t shared. But that isn’t likely to stop debate over increased regulation, according to Mont.
In the past the focus in these matters has been on security, but the fact that the Cambridge Analytica “breach” was a matter of policy and protocol rather than technical vulnerability exploitation is shifting the focus to privacy. That is the key focus of the EU’s impending General Data Protection Regulation, which could serve as a model for US legislation.