DPOInsider #36

Remote work and data breaches; Is it 📉 for ad-focused platforms?

Feb 3

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Does more remote working = an increased likelihood of data breaches?

The T-Mobile data breach that impacted over 75 million people has resulted in a $350 million settlement through a class action lawsuit. That’s not insignificant. This serves as a warning for other companies to take the protection of their customer's personal information seriously.

T-Mobile's settlement (and there are countless more examples) highlights the need for companies to have strong technical measures in place and regularly test their systems for vulnerabilities.

But is there a trend here? Does more remote work increase the risk of data breaches?

Remote work has allegedly made companies more vulnerable to data breaches, with the healthcare and financial sectors being the hardest hit. The US is the most targeted nation for data breaches, with a staggering 7,221,177 incidents per million people. A data breach costs a company more than just money, as it can also result in a loss of customer loyalty and trust.

To mitigate the risk of a costly data breach, companies should do the following:

Establish data governance protocols and invest in compliance tools that make this easier.
Invest in employee cybersecurity training.
Have incident response plans in place, and implement a comprehensive cybersecurity system.

A data breach can have long-lasting effects on your company's reputation, so it's crucial for organizations to take proactive steps to protect their data and customers.

Is the GRPD against Meta a sign that ad-funded platforms are on the decline?

Looks like Elon Musk might want to reconsider his plan to force behavioral ads on Twitter users in the European Union after a recent major privacy fine for Meta.

We talked about how EU privacy regulators applied the EU’s General Data Protection Regulation (GDPR) to Facebook and Instagram, which resulted in a total of around $410 million in fines, with a third decision against WhatsApp coming soon.

The European Data Protection Board (EPBD) has issued a warning to other businesses that ignore EU data protection rules and don’t give users a choice in tracking for behavioral advertising. They also deemed the relationship between Meta and its users as “imbalanced” and criticized the tech giant for presenting its services in a misleading manner.

The EDPB’s decision on Meta’s forced consent for tracking ads could have an important impact on other platforms that have behavioral ads at the centre of their business model. The board’s decision also applies to TikTok, which sought to remove users’ ability to refuse its tracking-ads but quickly froze the move after warnings from privacy regulators.

Just because Facebook has been processing and profiting off of Europeans’ data by running unlawful ads for years doesn’t mean other ad-funded platforms will get the same treatment from EU regulators. It looks like enforcement is finally here for ad-focused businesses.