German anti-trust regulators have attacked the heart of Facebook’s ad business by ordering it to let consumers use the service without agreeing to data tracking outside of their Facebook account. The ruling cites Facebook’s dominant market position as reason to make it meet more stringent consent standards than competitors.
Facebook may face special scrutiny but privacy regulation has affected businesses throughout the European Union. A report by global law firm DLA Piper found that more than 59,000 personal data breaches have been reported to regulators since the GDPR took effect in May 2018. The Netherlands shows by far the highest breach rate but the report notes that differences reflect factors such as variations reporting rules and what it tactfully calls “culture”. The report doesn’t compare notification volume against pre-GDPR periods but other studies show a sharp increase.
GDPR makes it mandatory to report data breaches, while should lead companies to work harder to avoid them. But don’t expect quick results: we consistently see reports that security teams doubt they can provide fully protect their data. For example, data security company Digital Guardian found that 75% of IT and cybersecurity leaders believe more than 20% of their sensitive data stored in the public cloud services is insufficiently secured and 50% know their organizations have lost already lost such data. Along the same lines: security services firm CyberScout reports that more U.S. consumer records were breached in 2018 than the year before even though the number of incidents declined, and distressingly concludes that breaches are “the new normal”.
The CDP Institute educates marketers about the issues, methods, and technology used to manage customer data, with a special focus on Customer Data Platforms. Join the CDP Institute for free access to valuable information and insights.