Dive Brief:

• Google has been fined 50 million euros by French data protection authority CNIL under the European Union’s General Data Protection Regulation, ZDNet reported. The fine, the largest imposed under GDPR, was for breaking rules around transparency and the need for a “valid legal reason for processing people’s data for advertising purposes.” 
• In separate news, U.S. regulators have reportedly been meeting to discuss imposing a record-setting fine against Facebook for violating a government agreement to protect users’ privacy data, sources told The Washington Post. The Federal Trade Commission is considering a fine that would be the first major punishment for Facebook in the U.S. for its Cambridge Analytica scandal.
• The FTC is looking into whether Facebook’s business practices violated requirements included in a consent decree. The agreement requires Facebook to notify users and obtain permission before sharing data with third parties in ways that differ from existing privacy settings. It requires the company to notify the FTC in cases where others misuse the information and prohibits Facebook from making deceptive statements about its privacy practices and to put in place checks for how it uses data. 

Dive Insight:

The news suggests that it will be more costly than ever for the major digital platforms to gather and leverage consumer data if they aren't closely aligning their practices with privacy regulations. The extra cost is likely to come in the form of some of the largest fines meted out by regulators, who are paying closer attention to the actions of Google, Facebook and others in wake of some major data breaches. Privacy advocates are urging the FTC to be aggressive in its action against Facebook, the Post reports. After years of complaints that digital platforms were prioritizing growth over user privacy, the hefty fine against Google and the FTC mulling over whether to impose its own on Facebook could a send a strong message about the need to take privacy more seriously.

Privacy is a growing concern for online users, and championing customer data privacy and transparency to help them stand out is expected to be a key focus area for 2019, according to Forrester. However, so far the impact on digital platforms has been minimal when user privacy has been compromised.  While Facebook has faced diminished trust from users following the Cambridge Analytica, the platform hasn’t seen a widespread financial impact and has continued to unveil new features to boost privacy on the platform. Ad spending on Facebook had mostly bounced back last fall after a slump from March to May 2018, a C3 Metrics analysis revealed. Average Facebook spend per month was about $140,000 in January 2018 and dropped to under $20,000 in May, but was back up to just over $120,000 by August. 

The latest news follows a recent call from the Association of National Advertisers for the FTC to create a comprehensive federal law around how businesses collect and apply consumer data, following an FTC request for comment before a February hearing on customer privacy. ANA is hoping to avoid multiple state-level laws with different standards, which could lead to a compliance nightmare, and says a single federal law would be less confusing for consumers. 

The Google fine stems from complaints that the company lacked a “sound legal basis” for processing consumer data, was vague about telling users how data would be used and how long it would be stored, and forced users to consent, when many may not have understood the process, according to ZDNet.

Google announced last summer that it was delaying participation in a consortium of ad tech companies and is causing members to be out of compliance with GDPR, which went into effect in May 2018. The company had planned to join the program in August, and had created a temporary solution in the meantime, but critics said it was ineffective and resulted in ads being targeted to people who had not consented to receiving personalized ads.