COVID Or No, Data Demands Compliance

data lock privacy

Consumer data privacy laws were making compliance difficult before a pandemic brought the world to a halt. But COVID-19 also triggered emergency loopholes in data legislation that relax the rules under certain conditions. Are we living in those conditions now? No one is totally sure.

As politicos like New York Senator Kirsten Gillibrand propose a new federal data watchdog agency to police data use (and presumably impose heavy fines), companies have been left wondering what data they have the right to use, and what they’re allowed to do with it.

The March 2020 Merchants Guide To Navigating Global Payments Regulations, a PYMNTS and Ekata collaboration, demystifies these data machinations as planet Earth and its humans and businesses battle a deadly mutation (COVID-19) and seek to restore bullishness across market.

Know Your Customers’ Data

The proliferation of data privacy laws has been a mixed bag, as 2019 was a banner year for data theft. While governments bring the big players — Facebook, Google, Apple — to heel for privacy missteps, state-level bad actors and hacker groups are conducting successful mass data raids and not, it seems, worrying about compliance or lawmakers or even fines.

In the latest Merchants Guide To Navigating Global Payments Regulations we find that dastardly data deeds aren’t stopping despite COVID-19. “Sixty-three percent of U.S. businesses experienced at least one data breach that compromised a minimum of 1,000 records in 2019,” the report states. “Coming up with comprehensive rules regarding what data may be shared and how will provide deeper layers of protection for businesses and consumers while also allowing the former to create more personalized services and compete on a global stage.”

It’s not like U.S. businesses haven’t been trying, expending an estimated $82 million on compliance solutions in just the past 12 months. But business owners are worried about keeping up with privacy laws that are getting stricter and painfully convoluted.

“Fragmentation in U.S. privacy standards is such that merchants can have full access to consumers’ personal data in one state but may be unable to touch crucial details in another — an especially frustrating factor for merchants that conduct business online,” the report states.

“The guidelines for data transmission state by state are equally unclear: Legislators in Washington [state, for example] are adamant that large technology companies like Google should not have access to the personal information they currently do, for example. This represents a problem for smaller merchants as well because many rely on companies like Google or Facebook for the data they use to market to or interact with customers.”

A Season of Fines

The need for merchants to comply with data privacy laws in their home state and country is tough enough. But comprehending and complying with data privacy laws globally is what many online sellers must do. For many companies it’s solution-shopping time while the legal situation sorts itself out, and the sci-fi scenario we’re living through ultimately comes to an end.

One thing’s for sure: lawmakers are serious. “Regulators have issued $126 million in fines for noncompliance since [GDPR’s] 2018 introduction, but it is worth noting that much of that figure comes from larger fines levied against companies like Google. Many smaller merchants are relying on their banking partners for GDPR compliance and have thus kept up with the rule.”



The September 2020 Leveraging The Digital Banking Shift Study, PYMNTS examines consumers’ growing use of online and mobile tools to open and manage accounts as well as the factors that are paramount in building and maintaining trust in the current economic environment. The report is based on a survey of nearly 2,200 account-holding U.S. consumers.