Millions of dollars at risk if companies don’t take consumer data protection seriously

The FTC and Europe's GDPR will punish companies that fail to protect consumer data and maintain compliance.

Chat with MarTechBot

Data Numbers Ss 1920 Fcukav

Dare I use the term “datapocalypse?” Kidding aside, data privacy and security are becoming huge issues with major consequences for companies that fail to take necessary steps to comply or live up to their own promises.

Domestically, the Federal Trade Commission (FTC) is filing complaints against companies that represent one thing but do another; internationally, the EU’s General Data Protection Regulation (GDPR) will require much closer attention to consumer data privacy from US companies doing business in Europe.

Earlier this week, the FTC and Uber settled a privacy complaint that alleged Uber had failed to act in accordance with its promises to protect consumer and driver data from improper employee and third party-access. As part of the settlement, Uber will submit to twice-yearly privacy audits for the next 20 years.

This is the second FTC settlement in 2017 for Uber. Earlier, the company agreed to pay $20 million to settle a complaint that misrepresented driver earning potential and car financing terms.

In another recent settlement, the FTC forced the “disgorgement” (return) of lead-gen-related profits obtained by Blue Global Media, which ran websites that obtained consumer loan applications that were then sold to third parties. The company misrepresented how the personal data would be handled and to whom it was being made available.

The data was provided not to “trusted lenders” but to any paying third party, and “sensitive personal and financial information was shared and sold indiscriminately without consumers’ knowledge or consent.” The settlement required the company to return the entire $104 million it made selling consumer leads.

In Europe, the privacy and consumer-data earthquake known as the General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s going to require more security, more disclosures and opt-in permissions for use of consumer data. It will also limit uses of consumer data by internet platforms and martech companies.

There may be significant fines for violations — in the millions of euros — and GDPR’s reach will extend to any company using EU citizens’ data, regardless of the company’s primary place of business. Here are a few overview and implications articles for GDPR:

Startups and established companies alike are going to need to pay extremely close attention to data privacy and security compliance going forward — especially if they capture or use data from EU citizens, which most large US internet companies do. In the US, the same holds true, but the emphasis (at the FTC) generally is on consumer deception, and whether companies are complying with their own terms and policies.

Data privacy and security are no longer issues that companies can afford to be sloppy about. If they are, the consequences could be dire.

Contributing authors are invited to create content for MarTech and are chosen for their expertise and contribution to the martech community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.

About the author

Greg Sterling
Greg Sterling is a Contributing Editor to Search Engine Land, a member of the programming team for SMX events and the VP, Market Insights at Uberall.

Fuel for your marketing strategy.