Microsoft is preparing to pay a substantial fine of $425 million in relation to alleged privacy violations by its subsidiary LinkedIn, according to Reuters. The tech giant announced this week that it expects the fine to be levied in the second quarter of 2023. The Irish Data Protection Commission (IDPC) initiated an investigation into LinkedIn's targeted advertising practices back in 2018, suspecting a violation of Europe's General Data Protection Regulation (GDPR).
Despite the looming fine, Microsoft has stated that it will formally dispute the fine once the IDPC releases its final order. “After review and analysis, the company would increase its existing reserve for the matter and, based on current exchange rates take a charge of approximately $425 million in the fourth quarter of fiscal year 2023”, a Microsoft spokesperson said.
The IDPC has been actively enforcing GDPR compliance recently. In May, the regulatory group's investigation into Meta (formerly Facebook) resulted in a hefty €1.2 billion ($1.3 billion) fine issued by the European Data Protection Board (EDPB). The social media giant was accused of inadequate privacy safeguards for transferring personal data from its European servers to the US, a violation of the GDPR. Meta said it plans to appeal the ruling, arguing that there was a conflict between the EU and US privacy regulations and that blocking data transfers would harm the global economy and internet services.
GDPR Compliance: Recent Cases
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Twitter's New Policy: A GDPR Compliance Measure?
Twitter recently announced a new policy requiring academic researchers to delete any Twitter data they have collected using the Twitter API unless they pay for a premium or enterprise access level. The policy, set to take effect on June 30, 2023, has sparked outrage from the academic community, who argue that it will hinder their ability to study and analyze social phenomena on the platform. Twitter claims that the policy is intended to protect user privacy and comply with data protection laws, such as the GDPR. However, many academics have criticized the policy as unfair, arbitrary, and detrimental to scientific research.
OpenAI and the EU's Proposed AI Regulation
OpenAI CEO Sam Altman recently commented on the proposed AI regulation by the European Union, stating that OpenAI could cease operating in the EU if it was unable to comply with the new AI legislation. The legislation, still undergoing revisions, aims to create a legal framework for the development and deployment of AI systems in the EU, with a focus on ensuring safety, transparency, and accountability. Altman later clarified that he was excited to continue operating in the EU and that he had no plans to leave. He also expressed his appreciation for the EU regulators' willingness to listen and collaborate.
Google Bard: GDPR Concerns Delay EU Launch
Google´s Bard AI chatbot is currently unavailable in the EU due to potential GDPR concerns. The GDPR requires companies to obtain consent from users before collecting and processing their data. Bard, like other chatbots powered by large language models, relies on massive amounts of data to generate responses. Some of this data may contain personal or sensitive information that could violate the GDPR if not handled properly. Google has not specified the exact GDPR issues preventing Bard's launch in the EU but is reportedly working on resolving these issues.