Technology giant Microsoft has decided to set aside $425mn as a provision to pay for an expected fine that it anticipates receiving from the Irish Data Protection Commission (DPC). This penalty is due to a probable violation of the General Data Protection Regulation (GDPR), which was allegedly committed by its subsidiary social media site, LinkedIn. Microsoft plans to appeal against the decision once it is finalized, stating that it will defend its compliance with GDPR rigorously.
The Irish DPC started investigating LinkedIn in 2018 after receiving a complaint that the company was using targeted advertising practices that violated GDPR. By monitoring consumer behavior, LinkedIn created unique attributes to classify consumers into different categories that helped the company to display ads that aligned with the interests and values of the end-user. According to the Irish DPC, LinkedIn’s targeted advertising practices were in violation of GDPR. There is no set timeline for when the DPC will issue a final decision.
Microsoft received the preliminary draft decision from the Irish DPC in April with the findings, following which the company complied with the inquiry and decided to set aside the financial provision. The funds will be reserved in the fourth quarter of 2023.
The GDPR was introduced by the European Union in 2018 with the aim of ensuring that consumer data is protected and user privacy is respected. GDPR applies to businesses that handle the personal data of individuals living within the EU, regardless of where the company is based.
The regulation imposes significant penalties on businesses that violate GDPR. According to the GDPR legislation, if a company is found guilty of violating GDPR, it could face a fine of up to €20mn, or 4% of its total worldwide annual revenue, whichever is higher. The fine can be quite substantial. For example, in 2019, Google was fined €50mn by the French data regulator under GDPR.
Microsoft’s decision to set aside the financial provision to pay the expected GDPR fine highlights the importance of complying with the regulation. It also demonstrates the significance of data privacy and cybersecurity concerns in this digital age.
Moreover, governments and regulatory bodies worldwide are paying more attention to data privacy and cybersecurity concerns. These factors can significantly impact user trust in businesses, and violations can have severe consequences for the company’s image and reputation.
Companies must take data privacy and cybersecurity seriously and comply with GDPR’s regulatory requirements. Businesses must ensure that they have the necessary safeguards in place to prevent data breaches and protect user privacy.
In conclusion, Microsoft’s decision to set aside a financial provision of $425mn highlights the importance and significance of data privacy regulations, such as GDPR. It also serves as a reminder to companies to ensure compliance with data privacy regulations and take cybersecurity concerns seriously.