Tech Company Execs Sweat Personal Liability for Privacy Violations
Thursday, May 16, 2019
privacy violations
Print Mail Download i

In the Privacy Law classes I teach in the Brown University Executive Masters of Cybersecurity and at Roger Williams University School of Law, we discuss the enforcement authority that the Federal Trade Commission (FTC), the Office for Civil Rights (OCR) and other federal and state agencies have over data privacy and security, including how effective the enforcement has been over the past decade. In the wake of massive data breaches, my classes uniformly are of the opinion that the present enforcement scheme is not a big enough stick to deter big tech companies from collecting, selling and monetizing data.

Recently, members of the FTC have publicly lamented that this is true. What look like large fines against tech companies that have violated consumers’ privacy are often not sufficient to act as deterrents, such as the $5.7 million levied against Musical.ly (or TikTok), which was less than 1% of the parent company’s annual revenue, and therefore inconsequential to company executives.

According to one member of Congress, “for large companies, fines are simply a cost of doing business.” This is consistent with my classes’ conclusion. Facebook is poised to pay a significant fine and has set aside $3-5 billion (yes, that’s with a “b”) to pay for various alleged privacy violations. Many observers have opined that this is a drop in the bucket for Facebook, and is not enough to change behavior.

Perhaps the private right of action in the California Consumer Privacy Act, which takes effect in 2020, will change tech companies thoughts about privacy violations. Congress is looking into how the FTC and other agencies can regulate the big tech companies, and candidates for the Presidency have gotten into the fray, with one declaring that the tech companies should be broken up. The FTC has publicly stated that it is looking into assessing personal fines against company executives as a way to encourage compliance.

No matter how this shakes out—and it will—the present discourse should be enough for tech company execs to be concerned about personal liability. Executives may want to start focusing on the organization’s data privacy and security plan, and making policy decisions on its implementation a top priority.

Copyright © 2024 Robinson & Cole LLP. All rights reserved.

Current Legal Analysis

More from Robinson & Cole LLP

FTC Votes to Finalize Rule Banning Non-Compete Agreements Nationwide
by: Ian T. Clarke-Fisher , Trevor L. Bradley
Cisco Releases Updates to Vulnerabilities in Firewall Platforms
by: Linn F. Freedman
USPTO Issues Guidance on Use of AI Based Tools
by: Daniel J. Lass
California Trap & Trace Class Actions on the Rise in the Age of Website Trackers
by: Kathryn M. Rattigan
Aid Package Signed by President Biden Includes Divestiture of TikTok Requirement
by: Linn F. Freedman
Privacy Tip #395 – GM Faces Class Action for Collecting + Disclosing Drivers’ Data Without Consent
by: Linn F. Freedman
AI, Government Contractors, and Employment Discrimination
by: Data Privacy & Cybersecurity Robinson Cole
Chicago’s Application of Parking Regulations Violates RLUIPA
by: Eden (Hunter) Yerby
The Department of Education Releases Significant Revisions to Title IX Regulations
by: Kathleen E. Dion , Seth B. Orkand
Privacy Tip #394 – Colorado Amends Privacy Law to Include Neurodata
by: Linn F. Freedman

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins