And...Tim Cook calls for GDPR-style privacy laws in the US
Earlier this year it was revealed that 87 million Facebook users had their data compromised over 7 years, between 2007 and 2014. Due to misprocessing information, Facebook gave developers unfair access to user info without their consent. One developer, Aleksandr Kogan, took data that was later used by SCL Group, more recognized by the name of one of its companies, Cambridge Analytics, who was involved in US political campaigning.
Facebook didn’t protect their user information because it didn’t adequately keep checks on apps and developers on the platform. Even friends of people using the unchecked apps were compromised.
Facebook’s missteps continued. Even after discovering the breach in December 2015, Facebook again neglected to take proper steps, such as blocking the Cambridge company from the platform and user data for 3 more years, until 2018.
The Information Commissioner’s Office’s (ICO’s) investigation discovered these details and also found that among the 87 million compromised users, the personal information put at risk included one million UK users. The ICO found these violations extremely serious and pointed out that given Facebook’s size and expertise, it should have known and done better a better job protecting its users. The CIO imposed the maximum fine it could, £500,000, under the Data Protection Act of 1998, the existing law applicable at the time. This law has since been replaced by the 2018 GDPR and had the GDPR been in place, the penalty would have been significantly more.
The ICO is the UK’s independent regulation body for data protection and information rights. It carries out the responsibilities of the UK Data Protection Act 2018 (DPA2018) and the GDPR, among others.
The same week this GDPR fine came down, Apple’s CEO Tim Cook went on record praising Europe’s GDPR policy and its successful implementation. A longtime advocate of data privacy, Mr. Cook believes the US needs to follow suit with this level of commitment in federal regulations – including teeth in the form of penalties for violators to protect people’s information and rights to privacy.
Critics of such regulations claim these rules would inhibit innovation but Tim counters that people need to have faith in technology versus being threatened by it. With continual massive breaches happening on a near-daily basis, security experts are more in alignment with Mr. Cook’s sentiments than not. Most agree businesses must take data protection with the utmost seriousness to restore the public’s trust. To that end, strong regulations have a way of enforcing a higher level of commitment and effort.
Sources:
https://www.engadget.com/2018/10/24/tim-cook-calls-for-gdpr-style-privacy-laws-in-the-us/