Best of 2022: Big tech, big fines and a tenfold increase - why the GDPR matters in ASEAN

Since the General Data Protection Regulation (GDPR) came into effect in May 2018, big tech giants such as Amazon, Facebook, WhatsApp, and Google have been fined millions of euros.

Amazon has suffered the largest fine to date at 746M euros. In second place is WhatsApp, with a whooping fine of 225M euros.

These tech giants have been accused of failing to obtain free consent, installing unauthorised cookies, and having unclear privacy notices.

Fines against these big tech companies have led to a tenfold increase in GDPR fines from 2020 to 2021, demonstrating that EU regulators are becoming stricter in enforcing data subject rights.

Learn more about the GDPR through the Certified Information Privacy Professional/Europe (CIPP/E) here.

Complaints over a lack of transparency

While a majority of cases in Singapore have been due to negligence in protecting customer data, these big tech companies are being fined for violations related to lawfulness and transparency, such as failing to obtain consent and excessive collection and processing.

For instance, the 225M euro fine on WhatsApp, imposed by the Ireland Data Protection Commission (DPC) in September 2021, is related to an investigation on whether its privacy notices were clear enough for users, and whether it provided enough information about how it processed personal data between WhatsApp and other Facebook companies.

Meanwhile, the investigation into Amazon arose after privacy rights group La Quadrature du Net, representing 10,000 individuals, filed a complaint against the tech giant. The details for Amazon’s hefty 746M euro fine, imposed last July 2021, have yet to be released.

However, the privacy rights group claims that Luxembourg regulators have acknowledged that Amazon was targeting users for advertising purposes without a legal basis, which is a violation of the GDPR.

This is not the first time Amazon was slammed with a fine. In December 2020, French regulators imposed a fine of 35M euros on Amazon Europe for installing advertising cookies on users’ computers without prior consent, and for failing to clearly communicate to users the purpose for installation of these cookies.

The fine was calculated considering the millions of French visitors who visit the Amazon site daily, thus receiving cookies without prior notice or insufficient notice.

Global appeal to respect the right to privacy

With the rise of artificial intelligence, organisations can gain lots of insights by harnessing big data. However, consumers are also becoming more aware of their right to privacy, and will eventually direct their support to businesses who respect these rights. Businesses must ensure that the rights of data subjects are always kept in check when they leverage new technologies.

We observe similar trends in the ASEAN region. Enforcements are also becoming stricter, and new data protection laws are being implemented. Singapore, for instance, will be increasing the ceiling for its fines in October 2022. Thailand, on the other hand, will be enforcing its data protection law in June of the same year. The Thai Personal Data Protection Act is heavily based on the GDPR.

Find out more about Europe's GDPR and how to apply the concepts to Asia here.

There truly is a global movement towards respecting the individual’s right to privacy, and organisations can no longer afford to turn a blind eye.

This article was originally published on 29 April 2022.