Facebook once more begs to be regulated

Like the data addict it is, social media giant Facebook feels it can’t be trusted to moderate its own habits and thinks state intervention may be the answer.

Reuters reports that Founder and CEO Mark Zuckerberg (pictured) would like Facebook to be regulated in a way that’s somewhere in between how we currently regulate media companies, on once hand, and telcos. He did so in the context of people moaning about ‘bad’ content and specifically political misinformation spread over social media.

Zuck clearly thinks treating Facebook as a traditional media organisation is a step too far as it doesn’t produce its own content. But in observing that you would never punish a phone network for the stuff that passes over it, he seems to think there should be some greater degree of accountability imposed on social media companies for the content they host.

So all he’s really saying is that Facebook’s accountability for the stuff it publishes should be somewhere between 1% and 100%. Very helpful. In essence Zuck is resharing the old platform versus publisher debate and saying social media companies are neither and both – i.e. somewhere in between.

But why should Zuck want Facebook to be regulated at all? Isn’t that just inviting the state to poke its nose into his company’s private affairs? The answer is that social media censorship is an impossible task and that Facebook will never be able to please all of the people all of the time. What Zuck wants to do is find the perfect balance for his company between offloading responsibility for censorship decisions and retaining core control.

You have to wonder, however, whether Zuck has been adequately briefed on the nature of telecoms regulation. Does he know, for example, that all kinds of other things get tinkered with, including what they can charge their customers. Facebook may think a little bit of regulation will solve its content moderation problems, but letting that genie out of the lamp could well create a bunch of new ones.

New York ends resistance to T-Mobile/Sprint merger

New York Attorney General Letitia James has announced her office will not pursue an appeal against the courts decision to approve the $26 billion T-Mobile US and Sprint merger.

While the other states involved in the lawsuit to prevent the combination of the two telcos are yet to formally make their position public, James was the primary driving force behind the legal opposition. Others might try to step up, but without one of the US’ fastest growing political forces at the helm, responses look relatively pitiful.

“After a thorough analysis, New York has decided not to move forward with an appeal in this case. Instead, we hope to work with all the parties to ensure that consumers get the best pricing and service possible, that networks are built out throughout our state, and that good-paying jobs are created here in New York.

“We are gratified that this process has yielded commitments from T-Mobile to create jobs in Rochester and engage in robust national diversity initiatives that will connect our communities with good jobs and technology. We are committed to continuing to fight for affordability and access for all of New York’s mobile customers.”

James’ opposition to the $26 billion merger first emerged in June 2019 when, alongside California Attorney General Xavier Becerra, support was raised for a multi-state lawsuit against the corporate transaction. James managed to convince 12 State Attorney Generals to oppose the deal, questioning whether it would be beneficial for the consumer and attempting to disprove that Dish would not be adequate as a fourth mobile operator.

In a 173-page opinion, Judge Victor Marrero effectively said the merger was a good idea as Sprint was not worthy of being called competition. The combined entity would be a much better representative, while Marrero believed Dish plans to scale rapidly were viable, even if few others do. His ruling effectively killed the resistance to the merger.

Although some will be disappointed the lawyers are giving up the fight, it might simply be a case of looking at the bigger picture. James has pointed to job creation promises in her state, though now the attention will turn to ensure these jobs are actually created. Back in October, Colorado and Mississippi both did the same; the legal opposition was dropped as agreements were forged with T-Mobile US and Dish to offer benefits to the states.

While there will be some benefits to the transaction, it is impossible to avoid the negatives. T-Mobile US and Sprint will be able to realise efficiencies to better compete with AT&T and Verizon, while Dish will offer more jobs. However, there will be a rationalisation project after the transaction leading to job losses in shared business functions (finance, legal etc.) and also in areas where the retail footprint overlaps. Redundancies are unavoidable.

The question which remains is who will get the best slice of the benefits?

Colorado agreed to drop the lawsuit against the merger if Dish was to create 2,000 jobs in the statey and will also keep its corporate HQ in the city of Littleton for at least seven years. The Attorney General has also negotiated an accelerated 5G deployment timeline with T-Mobile US in exchange. Over in Mississippi, former-Attorney General Jim Hood also negotiated an accelerated 5G deployment plan and also a ceiling on tariffs for consumers for a five-year period.

These were the only two states to drop out prior to the conclusion of the lawsuit, though now the lobbying for attention can begin as T-Mobile/Sprint and Dish are wooed by each of the states for their own benefit. James has said the deal offers new jobs to citizens in Rochester, New York, though with other states considering more legal action, T-Mobile US and Dish might have to hit the negotiating table elsewhere.

In California, Attorney General Becerra is considering his options, while Ken Paxton, the Attorney General for Texas, has not stated whether he will pursue an appeal to the decision. These might not be the catalyst for opposition that Letitia James is, but they will certainly be able to cause a problem. T-Mobile US, Sprint and Dish executives want this deal done, are will probably be willing to negotiate some attractive deals.

Indian Supreme Court takes another step towards telco duopoly

The Indian Supreme Court has rejected a plea from Vodafone Idea and Bharti Airtel to defer disputed spectrum licence fee payments, making the collapse of Vodafone Idea a realistic outcome.

While the dispute has been on-going for more than a decade, it has intensified considerably over the last few months. Vodafone Idea and Bharti Airtel are liable for roughly $7 billion each in payments, thanks to penalty fees and interests, and have been attempting to negotiate better terms.

The plea to the India Supreme Court, where the telcos asked for interest fees to be dropped and the sum to be payable over a ten-year period, has now been officially rejected. Vodafone Idea and Bharti Airtel now have until March 13 to make the payments to the Indian Government in full.

The question which now remains is whether the death of the Vodafone Idea business is anything more than a matter of time.

The dispute in question concerns license fees which the telcos are liable for. As part of the licence, the India Government is entitled to a slice of the profits, though what this percentage is and what it is a percentage of is the centre of the argument. As this disagreement has been on-going for more than a decade, the penalty and interest fees have been adding up to an eye-watering amount.

Despite pleas to ease the financial burden of these penalties, the Indian Government and regulator have remained stubbornly resolute. Now it appears in might be a case of ‘cutting off the nose to spite the face’.

The Indian Government has always looked quite self-serving when it comes to working alongside the telecommunications industry. It has seemingly looked at the market as a short-term money-tree, as opposed to a long-term stimulant to the greater economy. Spectrum auctions are another example of this, with the valuable, scarce and limited resource often going unsold at auctions as the telcos complain of the financial commitments.

Now the greediness of the Indian Government is seemingly coming back to haunt it as the threat of competition being dwindled to a duopoly, a very dangerous position to be in, becomes much more realistic.

At the time of writing, shares in Vodafone Idea were down 22%. Vodafone Group CEO Nick Reid has already suggested the business would not be prepared to invest anymore capital in India without assistance from the Government, with the latest ruling adding another nail in the coffin. The financial liabilities being placed on Vodafone Idea could very realistically cause the firm to shut up shop in the near future.

For the Indian telecommunications industry, this would be a disaster.

Telco Market share
Reliance Jio 32%
Vodafone Idea 29%
Bharti Airtel 28%
BSNL 10%
MBNL 0.2%

BSNL and MBNL are effectively being propped up by the Government currently, meaning the market has in-effect three mobile players. There of course used to be much more competition, but thanks to the Reliance Jio pricing disruption, Telenor, Tata and Reliance Communications exited the market, while Vodafone and Idea Cellular merged into a single entity in 2018. Competition is at a very weak point, and it now looks like it will become even more feeble.

If Vodafone was to cash in its chips, Idea Cellular will unlikely be able to revive its business. The merger was driven by survival after all, meaning the collapse of the third major MNO. A market duopoly is not healthy, especially when one of the competitors is already battered and bruised and facing the same monstrous fine as Vodafone Idea.

Bharti Airtel has suffered as much as any other telco since the arrival of Reliance Jio. As India is the domestic market of the telco, it is highly unlikely doors will close, but the Supreme Court decision will also hold Bharti Airtel to payments of roughly $7 billion. As the market heads towards an informal duopoly, the former-market leader could be weaker than ever.

On the other hand, as Reliance Jio only entered the market in 2016 its own spectrum fee bill is considerably less. It is still an uncomfortable amount, though the firm managed to sell off its tower assets to settle the amount. It might be a bit poorer for the saga, but it is in a considerably healthier position than any of its rivals.

The Indian authorities have done what can only be described an atrocious, amateur and absent-minded job of managing its telecommunications industry over the last few years. It seemingly favoured Reliance Jio to the long-term detriment of competition, was unable to price spectrum appropriately for decades, and in this example, is stubbornly demanding its dues. The authorities cannot be held to ransom by a diva-like demands of telcos, but the risk of a Vodafone Idea collapse is very high.

Vodafone Idea looks to be at breaking point, Bharti Airtel doesn’t have two rupees to rub together and Reliance Jio is laughing. The Indian Government is proving to be incompetent at managing a healthy and sustainable telco market.

Benign brother has got your back: China launches coronavirus app

China’s government bodies and businesses have jointly launched a mobile app to help detect if people have been in close contact with those suspected of carrying the novel coronavirus.

The app has access to multiple official holders of private data. By registering with his or her name and Chinese ID number, a smartphone user can use the app, called “Close Contact Detector” to check if he or she has been in proximity of those who are later either confirmed or suspected to have the virus. Such close contacts include travelling in the same train carriage or sitting within three rows on the same flight with those carrying the virus.

One registered user can check the status of up to three users by inputting their ID numbers and names. One ID number is limited to one check per day. The app will then return an assessment of which category the individual in question falls into: Confirmed case, Suspected case, Close contact, Normal. Xinhua, one of the major official propaganda outlets, reported that over 105 million checks have been made by users three days after the app was launched.

The app development was led by the government organisations responsible for health which was joined by China Electronics Technology Group, one of the country’s largest state-owned enterprises, as well as the leading smartphone makers Huawei, Xiaomi, OPPO, and Vivo. The backend data comes out of the National Health Commission, the Ministry of Transport, China State Railway Group Company, the state owned enterprise that operates all the rail transport in China, and the Civil Aviation Administration, the aviation regulator.

The fact that private travel data is made readily available to business entities without explicit consent from the individuals involved may raise plenty of eyebrows in places like Europe, but the attitude in China is different. “From a Chinese perspective this is a really useful service for people… It’s a really powerful tool that really shows the power of data being used for good,” Carolyn Bigg, a Hong Kong-based lawyer, told the BBC.

“Close Contact Detector” has been pushed out by the smartphone brands as a priority app to their users in China. It is unclear how or if promoting to users of other smartphone brands, iOS users, or non-smartphone users, will be conducted. Nor is it clear if there are plans to extend the coverage to residents without a Chinese ID number, such as foreign nationals staying in China.

Telecoms.com has learned that over the last few weeks there have been other online tools to help concerned users check if they had unknowingly come into contact with confirmed victims of the new coronavirus. The key difference from the new contact detector is that, in the earlier attempts, backend data was crowdsourced from publicly available information including the flight and train numbers of the confirmed cases published in the media.

Neither is contact detector the only use case where user data is playing a role. A recent video clip making rounds on social media shows a drone flying a blown-up QR code that drivers can scan to register before they enter Shenzhen after the long Chinese New Year break. The method is deployed presumably to prevent cars and drivers registered to the major disease hit regions from going through, as well as reduce human-to-human interaction. Xinhua reported that the Shenzhen Police, which is responsible for managing the local traffic and owns the automobile and driver data, is behind this measure.

FTC starts turning the screw on Big Tech

The Federal Trade Commission (FTC) has issued Special Orders to five of the technology industry’s biggest hitters as it takes a more forensic look at acquisition regulation.

Under the Hart-Scott-Rodino Act, certain acquisitions or mergers are required to be greenlit by the regulatory authorities in the US before completion. This is supposed to be a measure to ensure an appropriate marketplace is maintained, though there are certain exceptions to the rule. It appears the FTC is making moves to combat the free-wheeling acquisition activities of Big Tech.

Under the Special Orders, Google, Amazon, Apple, Facebook and Microsoft now have to disclose all acquisitions which took place over the last decade. It appears the FTC believes the current rules on acquisition need to be reconsidered.

“Digital technology companies are a big part of the economy and our daily lives,” said FTC Chairman Joe Simons. “This initiative will enable the Commission to take a closer look at acquisitions in this important sector, and also to evaluate whether the federal agencies are getting adequate notice of transactions that might harm competition. This will help us continue to keep tech markets open and competitive, for the benefit of consumers.”

While authorities have already questioned whether some acquisitions are in the best interest of a sustainable industry, in fairness, Big Tech has done nothing wrong. Where relevant, the authorities have been notified regarding acquisitions, and they have generally been approved. If the FTC and its cousins in other regulatory authorities believe the current status quo is unappealing, they only have themselves to blame.

In general, an acquisition will always have to be reported if the following three criteria are met:

  1. The transaction would have an impact on US commerce
  2. One of the parties has annual sales or total assets of $151.7 million, and the other party has sales or assets of $15.2 million or more
  3. The value of the securities or assets of the other party held by the acquirer after the transaction is $68.2 million or more

All three of these criteria have to be met before the potential acquisition has to be approved by the regulators.

Interestingly enough, the Android acquisition by Google is rumoured to be for roughly $50 million, therefore the third criteria was not met, and the team did not need to gain regulatory approval for the deal. This is perhaps what the FTC is attempting to avoid in the future, as while we suspect there was no-one in the office at the time with enough foresight to understand the implications, the regulator might suggest it would not have approved the deal in hindsight.

One of the issues being faced currently, and this is true around the world not just in the US, is that authorities feel they have lost control of the technology industry. Companies like Google and Facebook arguably wield more influence than politicians and regulatory authorities, a position few will be comfortable with outside of Silicon Valley.

Aside from this investigation, the FTC is also exploring Amazon in an antitrust probe, while Google and Facebook are facing their own scrutiny on the grounds of competition. There have also been calls to break-up the power of the technology companies, while European nations are looking into ways to force these companies to pay fair and reasonable tax. Across the world, authorities are looking for ways to hold Big Tech more accountable and to dilute influence.

Interestingly enough, we don’t actually know what the outcome of the latest FTC foray will be. It will of course have one eye on updating acquisition rules, though as Section 6(b) of the FTC Act allows the regulator to conduct investigations that do not have a specific law enforcement purpose; it’s a blank cheque and the potential outcome could head down numerous routes.

Ofcom appoints safe pair of hands as new boss and gets new internet censorship role

Establishment figure Dame Melanie Dawes has been announced as the new Chief Exec of UK telecoms regulator Ofcom.

She replaces Sharon White, who was also a senior civil servant before being handed the Ofcom gig. Dawes (pictured) is currently Permanent Secretary at the Ministry of Housing, Communities and Local Government, a position she has held since 2015. Prior to that she was Director General of the Economic and Domestic Affairs Secretariat at the Cabinet Office.

“I am delighted that the Secretary of State has approved Ofcom’s appointment of Dame Melanie Dawes as the next Chief Executive of Ofcom,” said Lord Burns, Ofcom’s Chairman. “The Government’s statement that it is minded to appoint Ofcom as the regulator for online harms is a vote of confidence in Ofcom’s expertise. I know Melanie will do a fantastic job of leading the organisation and maintaining its strengths.

“I look forward to working with her over the months ahead as we prepare for this forthcoming legislation as well as the ongoing tasks of achieving better broadband and mobile coverage and supporting UK broadcasting.”

“I congratulate Dame Melanie Dawes on her appointment as chief executive of Ofcom,” said DCMS Secretary of State Nicky Morgan. “Melanie’s experience leading organisations through change will be vital as the Government today announces it is minded to appoint the organisation as regulator for new online harms laws.”

What’s all this ‘online harms’ stuff they’re all banging on about, I hear you ask. Well the UK government has been having a public consultation on how to protect people from bad stuff on the internet. As a result it has concluded there needs to be some kind of state intervention to make sure those who publish bad stuff are censored, punished and prevented from ever doing so again.

“We will give the regulator the powers it needs to lead the fight for an internet that remains vibrant and open but with the protections, accountability and transparency people deserve,” said Morgan. There’s just so much to unpack in that. Of course things like child abuse, promoting terrorism, etc should be kept off the internet and proponents of them punished, but that stuff is already illegal, so why do we need extra powers to fight it? Proposing the censorship of ‘harmful’ but otherwise legal content creates so many new problems it’s hard to know where to start.

“There are a number of important questions that remain unanswered – especially in a post-Brexit environment – such as how Ofcom will use its new powers, how a regulator would deal with companies not based in the UK and ISP blocking – including how the UK reacts to technical developments such as DNS-over-HTTPS. ISPA will be working with its members on these and other points as we enter the next phase of consultation,” said Andrew Glover, the Chair of ISPA.

It had previously been rumoured that the new UK government would push for a more radical appointment, but maybe this additional internet censorship remit caused it to err on the side of caution. Dawes would have had her hands full without the impossible job of policing the internet, now she’s really got her work cut out.

Germany set to follow UK on Huawei conundrum – report

Huawei looks to have survived another European scare as Germany closes in on a deal which would offer the company restricted freedoms, similar to the position of the UK.

According to reports in Reuters, the leading political parties in Germany are set to agree on a strategy paper which would allow Huawei a restricted role to participate in the deployment of 5G networks. It might be considered a bit of a snub to the US, but like the UK this would appear to be a pragmatic approach to delivering the next generation of connectivity.

“State actors with sufficient resources can infiltrate the network of any equipment maker,” the agreement states. “Even with comprehensive technical checks, security risks cannot be eliminated completely – they can at best be minimized.

“At the same time, we are not defenceless against attempts to eavesdrop on 5G networks. The use of strong cryptography and end-to-end encryption can secure confidentiality in communication and the exchange of data.”

Although this is not a confirmed position yet, it is believed the new position will be voted in later today (February 11). There are still aggressors who are pursuing an all-out ban, namely the Social Democratic party, a junior coalition partner to the Christian Democratic party, though it appear Huawei will survive, albeit in a limited function.

The paper would outline a similar approach to managing Huawei as the UK has taken. As you can see from the statement above, the German authorities seem to be taking the approach that as it is impossible to guarantee 100% safety, irrelevant of the equipment manufacturer, it is not logical to target one specific company.

The paper apparently states the network would be split into the three different components (radio, transmission and core), and different procedures for handling Huawei equipment dependent on its designation. This is a risk-management approach, similar to the one taken in the UK.

The issue which the Germans are facing is also similar; German telcos are all existing customers of Huawei and have signed agreements to work with Huawei going forward. Should a ban be implemented, not only would this create a problem in terms of time (negotiating new commercial agreements, testing equipment etc.) but there might also have to be expense incurred as ‘rip and replace’ projects are kicked off to ensure backwards compatibility.

In the UK, BT has said it will cost £500 million to become compliant with the Huawei restrictions in the RAN. This might sound like a significant investment, but it would have been considerably worse if a complete ban had been introduced.

Other elements of the strategy which could impact the telcos are potential demands to enforce a multi-vendor supply chain, and security checks on equipment which all vendors would have to adhere to. This is an idea which has been raised in the past, paying homage to the complexity and variety of supply chains nowadays; as 100% security cannot be guaranteed by everyone, every vendor would be forced to demonstrate security credibility.

It is not yet guaranteed that Germany will take this approach, but it does appear the German Government will try to mitigate risk and compensate for the current status quo.

Despite all the lobbying and threats which have been passed across the Atlantic from the White House, it does appear US delegates were unable to present evidence of a ‘smoking gun’ which would have turned European governments against Huawei and other Chinese vendors. This is a win for the US, it has demonstrated it has influence over Europe after all, but its ability to dictate policy is becoming weaker.

One question which does remain is the impact this will have on the German-US relationship. President Trump has not been on the greatest of terms with Merkel over the years and considering the influence Germany has on the European Union bureaucracy, the White House find itself more irritable.

On the other side of the coin is the relationship between Germany and China. China is an important trade partner of Germany, especially the automotive industry which has such a powerful lobby in the country. Irritating this relationship with the Chinese would not be something many would want, and it does appear a snub to the US is tolerable.

While the UK and Germany are only two nations, it does appear the US is losing the political influence game in Europe. Other European countries pay attention to the opinions and actions of these Governments, and it might be a case of the first dominoes to fall, especially with the likes of France and Italy also leaning towards a Huawei-friendly environment

The EU starts hassling US tech companies again

Facebook and Qualcomm look set for another round of scrutiny from the European Commission around their business practices.

According to the WSJ, Facebook is being asked to hand over internal documents to EU antitrust investigators so they can have a deeper look into whether or not it used dirty tricks against its competition. The allegation is that Facebook made use of its users’ data to skew the market in its favour by bribing partners to stay loyal.

That’s the sort of thing Qualcomm has got into trouble with the European Commission about in the past and, according to Reuters, lightning may be about to strike twice. Qualcomm revealed in a regulatory filing accompanying its recent quarterlies that the EU is investigating whether it abused its dominant position in radio frequency front-end chips.

It seems the EU is concerned that Qualcomm is using its near monopoly in 5G modems to strongly encourage customers to buy its RF chips too. Apparently sales of RF chips were a factor in issuing a better than expected forecast. As ever this will all drag out as lawyers and antitrust types get bogged down in the minutiae of it all, but it seems clear that the EU’s appetite for hassling US tech companies is undiminished.

The death of Vodafone Idea starting to become a real prospect

Vodafone Group CEO Nick Read has reiterated his vow that no fresh funds would be injected into the Indian joint venture with Idea Cellular, painting a dreary picture for competition in the market.

As it stands, Vodafone Idea owes the Indian Government roughly $7.4 billion in spectrum fees, overdue payments and fines. Bharti Airtel is in a similar position, with both telcos pressing the authorities for relief. To date, the authorities are not budging, potentially undermining any commercial objectives for Vodafone in the region.

According to The Economic Times, Read has demanded the Government waive the penalties and interest payments, while also allowing Vodafone Idea to repay the principle sum over a period of ten years. Only if these demands are met, will Vodafone commit to continue the joint venture with Idea Cellular and push additional funds into the market.

This is a very stern statement from Read and one the Indian authorities should take very seriously. Numerous telcos have already left the market, and while it cannot be held to ransom by another, the competition landscape is looking suspect already.

The main issue here is a dispute over licence fees paid on spectrum assets. The telcos and the Government have different opinions on how much should be paid. This argument has been on-going for more than a decade, hence the ridiculous sums which Vodafone Idea and Bharti Airtel are being asked to pay. As Reliance Jio only came into existence in 2016, its own bill is much more palatable.

With extraordinary pressures already being placed on the spreadsheets thanks to the Reliance Jio disruption by undercutting existing pricing models, as well as a drive towards modernising infrastructure, this bill is the last thing the telcos need.

For Vodafone, you can see the predicament. There is a fortune to be made in India, but how much pain and expense can the business go through to realise it. The firm is facing difficulties in several other markets also; how many headaches can Nick Read tolerate at once? India might prove to be one migraine too far.

Tinder comes under the scope of Irish GDPR watchdog

Dating apps have forever changed the way millennials find relationships (for however long they last…) but Tinder has found itself under the scrutiny of the Irish regulator.

The dating trailblazer has found itself alongside serial privacy offender Google as the focal point of an investigation from lead-European GDPR regulator the Irish Data Protection Commission. The question is whether MTCH Technology Services, the parent-company of Tinder, complies with GDPR in terms of processing user data.

“The identified issues pertain to MTCH Technology Services Limited’s ongoing processing of users’ personal data with regard to its processing activities in relation to the Tinder platform, the transparency surrounding the ongoing processing, and the company’s compliance with its obligations with regard to data subject right’s requests,” a statement from the regulator said.

Interestingly enough, a recent investigation from the Norwegian Consumer Council (NCC) suggested several dating apps such as Grindr, OkCupid, and Tinder might be breaking GDPR. The investigation suggested nine out of ten of the most popular dating apps were transmitting data to ‘unexpected third-parties’ without seeking consent from users, potentially violating GDPR.

As these applications collect sensitive information, sexual preferences, behavioural data, and location, there could be quite the backlash. The Irish Data Protection Commission will investigate how this information is processed, whether it then transmitted onto third parties and if the developers are being transparent enough with their users.

Alongside the Tinder investigation, the Irish watchdog is also investigating a regular for the privacy enforcement community, Google.

Once again, transparency is the key word here, as it so often is when one of the Silicon Valley residents are placed under the microscope. The authority will hope to understand how Google collects and processes location data, while also seeing whether it has been effectively informing users prior to collecting consent.

Google is seemingly constantly under the scrutiny of one regulator or another due to the complex web that is its operations. No-one outside of Google genuinely understands every aspect of the business, therefore a new potential privacy scandal emerges every so often as the layers of complexity are pulled back. In this investigation, it is not entirely clear what product or service is the focal point.

What is worth bearing in mind that any new privacy investigations are most likely to focus on timelines which were initiated following the introduction of GDPR in 2018. Anything prior to this, for example the Equifax leak or Yahoo hack, would not have been subject to the same financial penalties.

For the Tinder and Google investigations, any wrongdoing could be punished with a fine up to €2 million or 4% of total annual revenues, whichever is greater. We haven’t seen many of these fines to date because of the timing of the incidents or investigations, but regulators might well be looking for a case to prove there is a bite behind the regulatory bark, a means to scare corporates into action and proactive security measures.

An excellent example of this enforcement concerns Facebook and the Cambridge Analytica scandal. The investigation into potential GDPR violations takes into account several different things; the incident itself, security procedures and features, transparency with the user and assistance with the investigation, to name a few. Facebook did not cover itself with glory and was not exactly helpful during the investigation, CEO Mark Zuckerberg refused to appear in front of a Parliamentary Committee in the UK when called upon.

As this incident occurred prior to the introduction of GDPR, the Information Commissioner’s Office in the UK was only permitted to fine the social media giant £500,000. Facebook’s annual revenue for 2013, when the incident occurred, was $7.87 billion. The maximum penalty which could have been applied under GDPR would have been $314 million.

Although the potential fines have been well-documented, until there is a case to point to most companies will push the boundary between right and wrong. Caution is generally only practised when the threat of punishment is followed through to make an example.