Regulators are handing out fines for GDPR violations, that while relatively small can have a large impact on the push for sharable identity by drawing attention to how large companies use data.
The largest fine to date came Tuesday, when the French data protection agency CNIL fined Google about $57 million for not meeting GDPR responsibilities when onboarding Android users. The technology giant didn’t provide adequate information about data consent policies and not did it give enough control to consumers over data usage, CNIL said, adding Google has not yet fixed these violations.
GDPR, which went into effect in May 2018, is a European regulation that is expected to have a global impact since many U.S. companies do business in Europe. There’s also a trend toward protecting consumer data, given the spat of data breaches in recent years and concerns about large card issuers and other institutions having centralized control over data.
A gold colored Google Inc. logo sits on a sign outside the company's offices in Berlin, Germany, on Friday, Aug. 16, 2013. Google, based in Mountain View, California, is seeking to revive Motorola Mobility's smartphone business, recently announcing a new flagship Moto X smartphone with customizable colors that will be assembled in the U.S. Photographer: Krisztian Bocsi/Bloomberg
Krisztian Bocsi/Bloomberg
These concerns are pushing digital ID and other forms of portable authentication. Much of the technology, such as blockchain, decentralizes consumer access and thus gives users more control over data. That would lessen the ability of large corporations to analyze consumer data without consumers being more involved in the opt out process.
"The influence of GDPR is definitely helping to bring these issues to the forefront. Issuing fines to big, well-known companies like Google is one major way that consumers will hear about these issues," said Gee Chuang, co-founder of Listia, a Sunnyvale, Calif.-based digital marketplace. "As more consumers start thinking about data ownership and the concept of owning your own digital ID, companies and services will feel increased pressure to shift to a more decentralized model. Users will start to demand that companies let them own their own identity and reputation.”
The GDPR fines are more of a reminder of the debate between centralized and decentralized data control than a financial burden, particularly since it’s not the first time in recent months Google has found itself on the critical side of a data issue.
Google did not answer questions on if it planned an appeal or an update to its compliance technology. In an email, Google’s public relations office said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”
Google also faces several complaints from European consumer groups claiming GDPR violations, and several other GDPR fines have already been handed out, including a fine of about $650,000 to a Portuguese hospital for unauthorized patient record access and a levy of about $35,000 to a German social networking site for a personal ID information release.
These fines aren’t large for a company like Google, though the levy is substantial when localized to France. The French CNIL based its fine amount on Google’s activity in France, which is about 15 percent of Google France’s 2017 net sales of about $370 million in 2017. Under GDPR’s fine cap of 4 percent of yearly net sales, regulators could have fined Google more than $3 billion based on Google’s overall net sales of about $93 billion in 2017. The CNIL could not be reached for comment.
Google reportedly paid millions of dollars to Mastercard as part of a data sharing agreement. The companies were criticized after the deal, though both Google and Mastercard say they have opt-out agreements for data usage and pushed back against media characterizations of a data sharing deal. However, the relationship is expected to inspire a fierce data battle among large card companies, search companies, merchants and financial institutions to optimize the marketing and cross-selling power of data.
“Fines will certainly help to keep focus, but the trend to digital ID is a more general one,” said Ron van Wezel, a senior analyst at Aite Group, adding one of the objectives of GDPR is to give people more control over their data. “That applies to how data is used, and for which purpose…digital identities can help securely authenticate customers and give them control.”
The expansion of alternatives to Google could also push digital ID and decentralized data sharing in addition to GDPR compliance pressure.
“If Microsoft and Apple implemented competitive products that leverage a self-sovereign environment, that could move the market much faster,” said Tim Sloane, vice president of payments innovation at Mercator Advisory Group, adding large internet companies won't change their data control strategy quickly given the impact on revenue. “Even better would be a solution similar to Sovrin which enables the exchange of value in return for the release of personal information.”
The bank's investors hope to see the small community bank in Utah transform and grow into "a minority-owned version of Ally," as board chair Ashley Bell put it.
Federal Reserve Chair Jerome Powell said the changes could touch the central bank's quarterly economic forecasts. He also discussed downsizing at the Fed and his tenure on the board of governors.
Both regional banks operate health savings account businesses, which could gain more customers, more fee revenue and more low-cost deposits if Congress includes a major HSA expansion in its final budget reconciliation bill.
Bill Pulte's social media posts saying inflation has fallen far enough added to intensified political pressure on the independent Federal Reserve chairman.
Even as unpredictable trade policies slowed down mergers in other sectors, banks have kept inking M&A deals at the same pace, according to a new report.
