The Data Privacy Periodic Table continues to be well-received and widely shared and commented upon. Since our last update in January, data privacy has barely left the news. Proposed fines have been awarded to some of the biggest brands, including British Airways (£183.4m) and Marriott Hotels (£99m – announced 24 hours after British Airways), AI and automation commentators continue to debate how to progress within the boundaries of Privacy by Design, and there have been constant updates to new local and national draft laws.
The British Airways fine in particular is interesting as it represents only 1.5% of BA’s turnover, far behind the maximum 4% that the GDPR permits. To the casual observer it therefore seems a light penalty, but in fact it is probably a carefully chosen figure – more than enough to provoke shock and awe across the industry and media, but not so high as to be easily challenged. It’s also a far cry from the £500,000 that the ICO’s powers used to permit, continuing the trend of Supervisory Authorities being willing and perhaps eager to use their powers to punish the most grievous and negligent offences.
And so to this update of the Data Privacy Periodic Table. While data privacy has largely been kept at the forefront of our minds by brash headline-grabbing fine announcements, the changes on this occasion are conversely driven more by the subtleties of the laws themselves.