2023 was certainly an eventful year in the technology field. To name just a few key moments: generative AI became mainstream thanks to software like ChatGPT; we had to say goodbye to the iconic blue bird while welcoming Twitter’s new name (I know well the pain of writing ‘X, formerly known as Twitter’ over the past six months); and major tech companies received the heaviest fines for GDPR data misuse, totaling more than $3 billion.
Well, on this last point, data protection regulators’ efforts did not prove as effective as hoped.
The Swiss privacy company behind the popular email and VPN service Proton reported that companies such as Meta, Google, Apple and Microsoft only made enough money to pay off all last year’s fines after a week in 2024. Let’s take a look at what needs to change and, most importantly, what you can do in the meantime to truly protect your privacy.
Ineffective data protection fines
“What is clear is that these fines, while appearing to be huge amounts, are in reality just a drop in the bucket when it comes to the revenues the tech giants generate. In other words, they are not a deterrent at all,” says Jurgita Miseviciute, Head of Public Policy & Government Affairs at Proton.
Researchers at Proton have calculated that Alphabet (Google’s parent company) will need just over a day to pay off the $941 million in fines. Amazon and Apple’s revenue from just a few hours would then be enough to repay their data protection penalties of $111.7 and $186.4 million respectively.
While the largest perpetrator of data abuse, Meta, which received a record fine of $ 1.3 billion (wrong) processing of EU user data in May last year, managed to collect all the necessary funds in just about five working days.
If you think big fines work for #BigTech, think again. @Google, @Apple, @Meta, @Amazon and @Microsoft have generated enough revenue in the past seven days to pay off their 2023 fines. Taking advantage of your privacy is so lucrative that these fines are nothing more than the costs… pic.twitter.com/cGprAwS0hoJanuary 8, 2024
These findings make it clear that data regulators’ fines are, as Proton founder and CEO Andy Yen put it, “little more than pocket change for these companies” rather than a means to prevent them from misusing users’ data. And not only that, he said, because “these minuscule fines essentially give tech giants the green light to make waves in a market that is in their favor.”
It is also quite common for large tech companies to invoke these sanctions or simply refuse to pay, delaying repayment for years. Take for example how Google challenged India’s fine over the Android-related investigation for abusing its dominant position in the market that started in 2019.
At this point, Yen said: “It’s the average consumer who is losing out: they’re facing higher prices, less choice and no privacy. It has to stop and we need real, tangible change that puts people first, and not the profit.”
According to Miseviciute, there are two important things that need to happen before anything really changes.
Did you know?
Fully effective in May 2023, the EU digital market law (D.M.A.) brought new obligations for technology companies to ensure fair competition and protect people’s digital rights. A similar bill, the so-called Digital Markets, Consumers and Competition Bill (DMCC) is also currently going through the British Parliament.
To start with, she believes that governments should intervene fines with a real financial effect to fight back against the big monopolies.
“That is why fines of up to 20% of global revenues for violations of laws such as the EU’s DMA (Digital Market Act) and up to 10% in the case of the proposed DMCC (Digital Markets, Competition and Consumers) Bill in Great Britain are Britain is a step in the right direction,” she told me.
If tougher sanctions are important, they are not everything. Miseviciute explained that regulators must do that combine these with practical measures such as forced behavioral and structural changes.
Once again, she believes that the EU is well placed to do this, thanks to the new powers it has acquired with the DMA. Elsewhere, however, there are also some small steps in this direction.
“We hope that Google’s antitrust lawsuit in the US will serve as a catalyst for comprehensive antitrust regulation across the Atlantic. We also see promising potential regulatory developments in South Korea, Japan, Australia and other major jurisdictions,” he said. she me.
“If you open up the market and give innovators like Proton a chance to succeed, you get solutions that are more private and safer for consumers.”
How to protect your online privacy
As we have seen, 2023 was another difficult year for our online privacy.
For example, the US still lacks a federal data protection law, while the proposed ADPPA has still not been implemented at the time of writing. India’s new privacy law, which came into effect in August last year, was strongly criticized for favoring the government and big tech over citizens. Well, where supposedly strong legislation is in place, such as in the EU, it does not seem to have enough teeth yet.
Commenting on this point, Miseviciute told me: “Until laws like the DMA in the EU and the proposed DMCC in Britain are effectively put into practice, we live in a world where big tech rules the Internet – and all our privacy is at stake. mercy of their business model of surveillance capitalism.”
Did you know?
Two-thirds of people in Britain would rather lose their passport than access their email account. But despite these concerns, most of them lack the necessary knowledge and tools to protect their digital privacy. Big Tech knows that, researchers revealed.
A bright spot in this bleak scenario is that it is ultimately our choice whether we want to continue using data-hungry products. Fortunately, there are some smaller companies offering privacy-first alternatives that you can switch to.
For its part, Proton seems to have been working hard to banish Google from our digital lives. Likewise, the Switzerland-based provider offers encrypted email service Proton Mail (which even beat the big tech giant by landing a standalone desktop app in December), secure calendar, and its own cloud storage Proton Drive.
Proton’s product offering also includes one of the best virtual private network apps on the market (Proton VPN) to help you increase your anonymity while browsing, as well as a password management tool (Proton Pass) to secure all your login credentials. Even better because all of the provider’s services come with both free and paid plans.
However, Proton is just one of many companies developing privacy-first alternatives to big tech software. Also worth mentioning is the encrypted messaging app Signal if you want to replace WhatsApp with a more secure application and the Mullvad browser to make the switch from Safari and Chrome.
We test and assess VPN services in the context of legal recreational use. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protect your online security and strengthen your online privacy abroad. We do not support or tolerate the illegal or malicious use of VPN services. Consuming pirated, paid for content is not endorsed or condoned by Future Publishing.