Speaking at the US Senate hearing, Helen Dixon has opened more than 50 investigations, some of which are expected to conclude by the end of the summer.
The 50 investigations include domestic companies, public sector bodies and tech giants. Out of the 17 multinational technology companies being investigated, eight of them involve Facebook, whilst others concern WhatsApp, Google, LinkedIn and Twitter.
Some of the investigations into the US tech giants include an probe into the Twitter breach which saw posts marked as private posted publicly, and a Facebook breach whereby millions of users’ passwords were stored in a plain text format.
“The first sets of investigations will conclude over the summer of 2019,” said Ms Dixon. Although the final decision on the multinational companies have to be approved by all 28 EU data protection commissioners.
The investigations will not just look at security issues but also at whether companies have complied with the requirement to notify the Data Protection Commissioner office within 72 hours of becoming aware of the breach. Other investigations are focusing on the notion of ‘layers of privacy’ which was introduced under the GDPR regulation in order to avoid companies providing privacy notices that are extremely long.
Ms Dixon said: “Some of the investigations that we have open relate to complaints that the user is still finding that some key information that they need from the outset is hidden behind the layers, and there isn’t always a consistency between the layers.”
Companies can be fined up to €20 million or 4% of their global turnover, if found violating the General Data Protection Regulation.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/