Brace yourselves, Europe – the lawyers are coming
Peter Fleischer, an American in Paris who is also Google’s Global Privacy Counsel, knows a bit about privacy and law. Writing in his own blog he has warned Europe to expect a litigious explosion in a few years time from the new EC data protection regulation expected to come into force in 2015.
So far, breaches of privacy regulations within the EU have been handled by national data protection authorities (DPAs) such as the UK’s ICO and the French CNIL. Such regulators have limited powers: “the largest fine ever imposed by the CNIL in its history was 100,000 euros,” he notes. There have been few challenges to such fines. Why would a company launch a legal challenge when the cost of the challenge would outweigh the amount of the fine?
But this will change under the data protection regulation, where fines will be based on a percentage (perhaps 2%) of revenue. For larger companies this could easily lead to fines in excess of £100,000,000; and those companies will certainly object in court with serious, heavyweight legal counsel. The problem is aggravated by the current make-up of most national DPAs, which are under-staffed and lack the necessary legal expertise. The UK Information commissioner, for example, comes from a marketing rather than a legal background.
“It’s one thing to launch an enforcement action where the money at stake is 100,000 euros. It’s entirely different when the money at stake is 100,000,000 euros,” warns Fleischer. “In a couple years, privacy litigation will go big time in Europe…”