1. Extra Categories
  2. Editor's Pick
March 23, 2018updated 15 Aug 2018 3:23pm

Here’s how much each US tech giant could be fined under new UK and EU data protection laws

By Shoshana Kedem

The European Union and the UK are adopting new data protection laws in May which could see companies face huge fines for mishandling users’ data.

Under the new law companies — with big US tech giants thought to be in the firing line — could be fined up to 4% of their annual revenues or €20 million — whichever is higher.

Yesterday the UK’s Digital, Culture, Media and Sport Secretary Matt Hancock said Facebook could be slapped with a £1 billion fine under the new rules.

Speaking at an event yesterday he said:

We are going to require much more transparency in how data is held by the big platforms.

We have a real chance to be the place that sets the rules for how the internet works.

The social media giant earlier this week was forced to admit that it had made mistakes that led to 50 million people’s data exploited by political consultancy Cambridge Analytica, which some people fear might have influenced the 2016 US presidential election.

With companies bracing themselves for a crackdown on data breaches from this year, here’s how much some of the world’s biggest data merchants could stand to be fined.

Turnover in 2017
Potential fine
$229 billion
$9.2 billion
$178 billion
$7.1 billion
Google (Alphabet)
$110 billion
$4.4 billion
$90 billion
$3.6 billion
$40. 7 billion
$1.6 billion
$11.7 billion
$467 million
$2.4 billion
$96 million

The UK’s new bill — called the UK Data Protection bill which mirrors the EU’s so-called GDPR regulation — will also expand the powers of the Information Commissioner to investigate mishandling of user data.

Under the new legislation the commissioner will be given the right to “go in faster into an organisation against which she has an information notice”, according to Hancock.

He said:

You can’t just let the companies decide what is the balance between privacy and use of data and innovation. That is a decision for society, reflected in the laws that we pass here.

We are going to require much more transparency in how data is held by the big platforms, and transparency around how advertising spend is used on them.

Under current laws EU authorities can only dish out small fines for data breach violations and have limited power to sanction companies.

The provisions would be applied to free digital platforms, where people exchange their personal data for the services provided — such as cloud storage, email, or social media.

The UK Department for Digital, Culture, Media & Sport told Verdict that the new law is expected to come into force in May.