‘Toxic Content’ Costs Google and Facebook Billions in GDPR Fines. What Does It Mean for the Rest of Us?

GDPR laws on privacy allow for fines of up to 4 percent of global revenue for data breaches, which could cost Facebook $2.2 billion and Google $5.4 billion.
By: | March 12, 2019

Tech companies like Facebook and Google could soon be facing billions of dollars in fines from the British government for having harmful content on their channels and failing to properly protect users. Business Insider got the scoop from the UK’s digital minister, Margot James.

“UK ministers are planning to establish a powerful new tech regulator meant to be independent of government,” Business Insider reported. “It will make determinations about what constitutes harmful content and dish out penalties for firms that fail to take swift action in removing inappropriate posts.”

Europe’s new GDPR laws on privacy allow for fines of up to 4 percent of global revenue for data breaches. That could cost Facebook $2.2 billion and Google $5.4 billion.

Direct From Margot James

James offered insight into the forthcoming actions in her Business Insider interview. Here are some of her most memorable quotes:

“There will be a powerful sanction regime and it’s inconceivable that it won’t include financial penalties. And they will have to be of a size to act as a deterrent. If you look at the [Information Commissioner’s Office’s] fining powers, that might be a useful guide to what we’re thinking about.”

“You’ve got to take [toxic content] down before it proliferates. That’s the point. It’s too late once three weeks have gone by.”

“We clearly don’t want a kind of regulatory environment whose default is to deny and suppress because we want to encourage innovation.”

What Counts as “Toxic Content?”

That’s the million-dollar question. (Or should we say billion?)

Business Insider explains: “The UK’s new regulator will examine everything from illegal hate speech, such as terrorist recruitment videos or racism, to abuse that is more difficult to detect, such as online child grooming or problematic content around suicide and self-harm. Misinformation will also fall under the remit of the regulator.”

The wide-ranging GDPR laws have created an arms race for cyber talent and have serious implications for any company doing business in the European Union — from tech companies like Facebook to American insurance companies.

Any company that collects customer data is effected. Risk Insider Chris Mandel SVP, strategic solutions for Sedgwick and director of the Sedgwick Institute, explained its effect on insurers in a recent article“There are three major issues risk managers and insurance industry professionals must be ready to comply with: receiving accurate consent, ensuring third-party compliance and avoiding completely automated decision making … ” he wrote.

“Historically, ensuring the security of personal data has been the responsibility of the entity controlling the data. Under GDPR however, the burden is divided between the data processor and data controller.”

Further Reading:

GDPR, the Checklist for Compliance — Forbes

Thinking of Expanding Your Business Overseas? Your Cyber Security Compliance Just Got More Complicated — Risk & Insurance®

Europe’s Privacy Rules Are Having Unintended Consequences — Bloomberg

Jared Shelly is a journalist based in Philadelphia. He can be reached at [email protected].

More from Risk & Insurance