On May 9, Texas Attorney General Ken Paxton announced that Google had agreed to pay $1.375 billion in a settlement agreement with the state regarding allegations of violating user data privacy.
Not only Google, many large technology companies have also been involved in many lawsuits related to user personal data violations, showing the importance and strict level of personal data protection in developed countries.
According to statistics from the United Nations Conference on Trade and Development (UNCTAD), there are currently more than 107 countries, including 66 developing or transitioning economies, that have regulations related to this field, these countries include the US, Japan, Singapore, Thailand, etc.
Although the principles of privacy are widely recognized, the understanding and implementation are different between countries.
On the international level, many organizations have developed notable guiding frameworks. APEC has issued rules for cross-border personal data exchange, with a revised version in 2015.
ASEAN is currently in the process of discussing building a regional personal data protection platform.
Within the framework of the World Trade Organization (WTO), the Trade and Service Agreement allows countries to apply measures to protect personal privacy, as long as it does not create discrimination or disguised barriers.
The Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) also requires member states to maintain a legal framework for data protection in e-commerce and ensure fair handling of violations.
One of the most popular and most-respected models today is the General Data Protection Regulation (GDPR) of the European Union, effective from May 25, 2018. This regulation applies to all businesses that process personal data of EU citizens, regardless of where their headquarters are located.
GDPR requires data collection units to implement organizational and technical measures to limit data processing, only collect truly necessary information and serve the right purpose. In addition, users have the right to transfer their data to other processing units if necessary.
In addition, in some countries such as the US, the legal system related to personal data is very diverse and complex. Basic principles such as minimizing data, limiting usage purposes, ensuring accuracy, limiting storage time, implementing security and transparency in information collection are all emphasized.
Violations can be subject to civil or criminal penalties depending on the level. For example, the California Consumer privacy Act (CCPA) stipulates a fine of up to $7,500 for each intentional violation and $2,500 for each intentional violation.
The Federal Trade Commission (FTC) can fine up to $250 per violation of confidential information. Some serious violations can be fined up to 1 million USD and sentenced to prison.
States such as Connecticut also have their own laws, with fines of up to $5,000 per violation.
