Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corporation by the European Union for processing personal data in violation of the bloc’s GDPR rules. This action foreshadows a privacy climate in which enforcement will be the norm, trending away from the spotty enforcement of the past.
As the United States barrels towards the effective dates for both CPRA and CPA, organizations will have to put their heads down and begin preparation to achieve compliance come 2023.
Truyo’s Dan Clarke, who is heavily involved in North American privacy legislation, says he believes this fine against Amazon was not the result of a data leak. What does this mean for organizations? It tells us that enforcement will heavily focus on consumer consent. “What I’ve heard unofficially is that the consent to process data for targeted advertising was buried in the terms and conditions,” says Clarke. “That is very significant for the marketplace because it’s not just an initial fine, it’s an ongoing fine if they have not completed remuneration.”
While Amazon will have the opportunity to appeal the fine, and most likely will, organizations that will be affected by the upcoming legislation will need to start preparing now as enforcement ramps up in the meantime. We’ve heard the Colorado governor state in no uncertain terms that the CPA will be enhanced between now and its effective date to ensure protection for consumers.
“It’s becoming more and more challenging to come up with a superset of privacy laws,” says Clarke. “As of right now it’s possible, but it is not best practice. It’s important to adapt to each geographical area in which you do business to avoid gaps in compliance.”
To prepare for CPRA and CPA, Truyo recommends organizations begin internal risk assessments immediately. The Truyo Privacy Impact Assessment Tool will aid in identifying risks that can be managed and mitigated in preparation for the 2023 effective dates. The Truyo platform also provides compliant documents, vetted by the country’s leading privacy law firm.
To learn more about how the Truyo platform can help your organization reach compliance with GDPR, CCPA, and upcoming legislation, please reach out to hello@truyo.com.