Bigger Fines Possible in New EU Privacy Rules featured image

Bigger Fines Possible in New EU Privacy Rules

by John DiGiacomo

Partner

Once the United Kingdom finally parts ways with the European Union, it still won’t be completely clear of the governing General Data Protection Regulation (GDPR). Generally, the GDPR is meant to strengthen and unify data protection for European Union (EU) citizens and residing companies. However, the GDPR still controls fines and regulations of non-EU companies if the data comes from EU citizens. The reform first passed on April 14, 2016, but it won’t go in effect until 2018.

What does the GDPR govern?

While most of the reform pertains to privacy for European Union citizens and companies, non-EU companies can still be charged hefty fines. Failure to notify consumers of data security breaches, failure to implement preventative measures, failure to correctly maintain records, and breaches over obtaining consent for the processing of children’s data all fall under the standard. While the GDPR is a EU governing document, actual enforcement will happen on an individual nation level. Each company will be governed by the rules of the country where it’s mainly established. While the actual finable actions haven’t changed, the new system gives much greater room for financial punishment.

What are the new fines?

With the new regulations, fines for the previously stated infractions have increased dramatically. The new GDPR allows for fines up to €20,000,000 or 4% of the company’s global revenue, whichever is higher. For example, 4% of Apple’s revenue is approximately $9.3 billion. While these fines may seem small in the grand scheme of overall worth and cash flow, this major hit for large infractions could topple even a massive company. These new caps are greater, on average, than the current EU countries’ own privacy infraction fining systems. While the individual countries prosecute each company residing in their lands, EU rules now leave more room for increased fines for almost every nation.

Will nations actually use this new fining system? 

Because the bill doesn’t take effect until 2018, it’s hard to say for certain how much the nations will actually fine infracting companies. However, it’s unlikely that a country like Bulgaria, which currently sets a max fine of roughly 100,000 euros, will suddenly increase its own punishment standard because of this new freedom from the governing GDPR. Because of global pressures to show that each nation or union is taking privacy seriously, there has been a slight flexing by governing bodies to increase financial penalty caps.

Currently, there is no explicit guidance for companies to traverse these new rules and fines. Companies worried about potential liability should obtain legal advice. For more information regarding the new agreement and its increasing fine caps, contact Revision Legal’s Internet attorneys through our contact form or by calling 855-473-8474.

Image Credit: Rob Pongsajapan

Extra, Extra!
Recent Posts

Can I Trademark a Non-English Word or Phrase in the U.S.?

Can I Trademark a Non-English Word or Phrase in the U.S.?

Trademark

Yes, as long as the proposed trademark meets the other requirements for registration. U.S. trademark laws do not require that only the English language can be used for trademarks. However, whatever the language, trademarks must meet the legal requirements, including functionality, distinctiveness, uniqueness, etc. For example, every trademark must function as a trademark in that […]

Read more about Can I Trademark a Non-English Word or Phrase in the U.S.?

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Internet Law

In a new ruling, a California federal judge has declared the entirety of California’s Age-Appropriate Design Code Act (“CAADCA”) to be unconstitutional. Cal. Civ. Code §§ 1798.99.28 et seq. See media report here and the Opinion here. The case is Netchoice, LLC. v. Bonta, Case No. 22-cv-08861-BLF (US N.Dist. Cal, March 13, 2025). The CAADCA […]

Read more about California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Put Revision Legal on your side