Headlines tied to the General Data Protection Regulation (GDPR) as of late have been focused on what possible fines might be levied against British Airways amid last month's news of a data breach that touched 380,000 customers. The fact remains, though, that the ledger of possible notices has been filling up with other entries.
In broad terms, the number of GDPR complaints are on the rise, and perhaps not surprisingly have been increasing in the months since the mandates took effect in May of this year. In the latest tally illustrating the trend, regulators in France have said that they have received roughly 3,700 complaints about breaches since GDPR took effect. That’s up 64 percent, according to various publications, and as reports have noted, has touched 15 million people. The French data comes on the heels of the U.K.’s own data, as referenced in this space last month, which also showed notable activity in terms of complaints.
It’s been well-known that GDPR is global in scope – and now, as evidence of that reach, comes news in the U.K. that the Information Commissioner's Office (ICO) has sent a GDPR enforcement notice to a Canadian firm. The notice, which was reportedly sent out in early July, has charged that the firm has been working to target advertising to U.K. citizens – using the personal data of those same citizens – in violation of GDPR provisions. As was noted this past June, the company had ties to Cambridge Analytica, which had in turn been tied to one of the Facebook data privacy maelstroms, where AggregateIQ had been referred to as the latter’s “Canadian office.” AggregateIQ has said, via its website, that it is not affiliated with the Cambridge Analytica and remains in “full compliance with all legal and regulatory requirements.”
It should be noted here that notification is first sent by the ICO. Reading through the document, one finds that the ICO contends the office has been in contact with AIQ (shorthand for the firm) and that the political organizations AIQ has been in contact with have been provided with personal data ranging from names to email addresses. The data was then used to target those individuals.
“In correspondence with the commissioner dated May 31, AIQ confirmed that personal data regarding U.K. individuals was still held by them,” reads the filing. “The company had acted in violation of GDPR," said the ICO, as AIG “has processed personal data in a way that data subjects were not aware of, for purposes they would not have expected … and without a lawful basis for that processing. Furthermore the processing was incompatible with the purposes for which that data was originally collected.” Damage and/or distress has been likely, said the ICO.
In the wake of that document, the company was given 30 days from the July 6 filing to cease those activities. Should it be found that the company indeed failed to redress those concerns, fines may be in the offing. As has been well-documented, those fines could be 4 percent of AIQ’s global annual revenues.
FinTech Regulation a Peru To-Do
FinTech continues to make inroads globally, and tech-nimble upstarts are being examined by regulators in terms of benefits and risks. Though recent news has centered on Africa, information has surfaced that a Peruvian politician, Lourdes Alcorta Suero, affiliated with the Popular Force Party (or Partido Fuerza Popular), last week submitted a bill stating that FinTech regulation is a national priority. Regulations, she said, are warranted in order to protect consumers.
Blog posts via Asset Finance International state that if such a bill is passed, the financial services industry watchdog known as SBS would then create and oversee regulations. The interest in FinTech comes as, for example, entries in an annual digital bank event geared toward FinTech innovation in Peru rose from seven entries four years ago to 50 this year. The site noted that per FinTech Peru, an industry association, there has been an “exponential jump” in FinTech demand.
Crypto Efforts on the Hill
In a case of putting one’s money where one’s mouth is – literally – a consortium of crypto firms, which includes Ripple, have hired the Klein/Johnson Group, a lobbying firm in Washington, D.C., to represent the companies, banded as the Securing America’s Internet of Value Coalition. The lobbying efforts will target Congress and other regulatory bodies, and the lobbying firm will be paid at least partially in cryptocurrencies. That move comes in the wake of 15 legislators on the Hill calling last week for clarity via the SEC on cryptos.