EU Regulators Expand Scrutiny On Data Practices – And Bots

European Regs Expand Scrutiny On Data Practices

It’s a new year, and in Europe, an expansion of scrutiny and laws governing data sharing.

The dawn of 2020 brought a spate of new rules governing data collection and use.

And beginning earlier in the month, new laws seek to tackle “rogue traders and online tricksters,” as denounced in a statement by Vera Jourova, the EU’s commissioner for values and transparency. That applies, too, to online ticket sales.

As reported in CIO, the directives that are now in place take aim at activities tied to entertainment and other events. For example, firms are banned from using bots in a way that allows them to buy thousands of tickets for events and then resell them for highly marked-up prices. In other examples, end users must be informed when prices are based on their internet browsing histories. Sites are also required to offer free services that inform users when data is being collected and how it may be used. And, as has been reported, breaching these rules means companies may be fined by the EU the equivalent of up to 4 percent of revenues.

Said EU Justice Commissioner Didier Reynders in a statement, “this will be a sufficiently dissuasive and effective penalty to prevent dishonest traders from cheating.”

In India, Too

In India, Reuters reports that the government has mulled changing the rules that govern digital content. Under a revamp, the strictest measures would apply to larger social media companies, according to the newswire, citing government sources. The original rules would have applied to all tech companies, not just larger ones, and would also impact eCommerce, telecom and other tech companies. The rules would mandate that companies use automated means to detect unlawful content and also appoint corporate officers for 24/7 coordination with law enforcement officials.

As reported by Reuters, the IT ministry is examining a two-tiered system for the rules. Social media firms such as Facebook and WhatsApp would face the stricter rules, which would also require that companies remove content deemed unlawful within 24 hours.

A California CFPB?

News came, too, that in California, Governor Gavin Newsom is unveiling plans to create a Consumer Financial Protection Bureau (CFPB) at the state level, which, according to reports, would overhaul the existing Department of Business Oversight. The agency would be renamed the Department of Financial Protection and Innovation.  There are other state versions of the agency, such as in Pennsylvania and New York, where efforts are focused on fighting consumer fraud and ensuring that firms comply with state laws.

Penalties in the New Year

In an example of fines tied to data breaches and compromises, the Information Commissioner’s Office (ICO) is fining Dixons Carphone £500,000 (about $650,000). As noted in this space last week, the ICO said that fraudsters had installed malware on 5,390 tills at Currys PC World and Dixon Travel stores.  Across the nine months that the malware had been installed, it affected 14 million customers and 5.6 million payment card details found their way into the hackers’ hands. The incident occurred before the advent of GDPR; the fine would have been larger under GDPR rules.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.