educational

GDPR Fines Have Arrived, Are You Prepared?

GDPR Fines Have Arrived, Are You Prepared?

Before I get into the latest and greatest from the world of data protection and the GDPR, I would like to take a moment to talk about my personal experiences from the 2019 XBIZ tradeshow. I’ve grown increasingly tired of hearing people complain about industry tradeshows and focus solely on the quantity of attendees; the fact is that everyone likes to complain and always will. This year’s 2019 XBIZ tradeshow was a tremendous success and I feel sorry for those who missed out. The mood was set from the opening night with the incredibly popular “Rooftop Rage,” sponsored by MojoHost and Silverstein Legal.

Sure, I’m a little biased because I co-sponsored the event, but given the personal messages that I’ve received, this event was a hit. I’m told that the Rooftop Rage ended up being the start of new ventures and collaborations for many in the industry. The rest of the show was equally impressive and the entire XBIZ team deserves credit for a job well done. The seminars were packed wall-to-wall, the awards shows were memorable celebrations of the best-of-the-best and everywhere I looked meetings were taking place and business was getting done — if that’s not a successful tradeshow then I have no idea what is.

Far too many companies continue to not take the GDPR seriously and I have no doubt that eventually this line of thinking will backfire; it’s just a matter of when.

As luck would have it, I received my first XBIZ Exec Award at this year’s show and I was truly honored and humbled by the experience. I’m told that I’m the first lawyer in the award show’s history to receive an XBIZ award and I don’t think I have adequate words to express my appreciation to the adult industry for providing me this recognition. Incredibly, I was even honored on the same night as Stephen Yagielowicz who was presented with a special award for his nearly 20 years of journalistic work for XBIZ. I’ve always admired Stephen and find it amazing to have shared this award-winning evening with him.

Now that I’ve gotten that out of my system, it’s time to talk about the latest news concerning the GDPR and it isn’t good. In the later part of this past January, Google was assessed fines in the amount of 50 million euros (approximately 57 million USD) by a French regulator for violations of the GDPR. Most experts and journalists seem to agree that this is being considered the first major financial penalty assessed on anyone since the GDPR became enforceable. Google has promised to appeal (as they should) and this will be a case that everyone should continue to follow.

In terms of what happened, France’s National Data Protection Commission alleged and found that Google failed to present information about data-processing purposes and data-storage periods in the same place, sometimes, requiring users to make five or six clicks to obtain the information. In a statement released with the announcement of the fine, Google was fined over “a lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.” In summation, Google was found to not have obtained prior consent from Google users for the data it collects for the numerous services it provides.

Many companies in the adult industry have made the GDPR a priority and have taken steps to either become GDPR compliant or to start the process. Those companies making the effort are truly acting as prudent, responsible business operators. However, the problem is that the majority of companies in the adult industry are not treating the GDPR as a serious matter. In preparation for writing this article, I polled some adult business operators and asked them for the main reasons why they haven’t taken GDPR seriously and here are the top five responses:

  1. I don’t know what the GDPR is;
  2. It costs too much to become compliant;
  3. I’ll deal with it when/if the adult industry is targeted;
  4. I’m located in the United States, so it doesn’t apply to me;
  5. I’m waiting to see what everyone else does;

These are all horrible reasons that can each lead to disastrous consequences. So here are my simple responses to each of these excuses for not getting serious about GDPR compliance:

1 - I don’t know what the GDPR is;

The GDPR went into effect in May 2018 and is a massive set of regulations that amongst other things, creates strict rules on processing and storing data. The GDPR also covers the export of personal data outside of the E.U. and European Economic Area (EEA). The GDPR requires businesses to seek explicit consent before businesses collect or use personal data. The GDPR has set specific rules about when and how businesses must provide users with a copy of their personal data and when businesses are required to report data breaches. I should note that the GDPR is substantially more complex and covers far more, but I’m severely limited in space for this article; I’d need a few thousand pages to cover it all. The GDPR text alone takes up 261 pages).

2 - It costs too much to become compliant;

Yes, it’s true that there are pretty hefty legal expenses associated with getting GDPR compliant but instead of thinking of the cost let’s discuss the possible fines allowed under the GDPR. Up to 20 million euros or 4 percent of your worldwide annual revenue of the prior financial year, whichever is higher. My response to those businesses who indicated legal costs were their primary concern in delaying GDPR compliance was, “would you rather spend a few thousand dollars now or pay a few million euros later?” I’m sure that you can guess how everyone responded to that.

3 - I’ll deal with it when/if the adult industry is targeted;

That is the same attitude that people took in 2010 when the President of the United States signed the Restore Online Shoppers’ Confidence Act “ROSCA” into law. Since that time, millions of dollars in fines and penalties have been assessed against adult industry businesses for ROSCA violations.

4 - I’m located in the United States, so it doesn’t apply to me;

Wrong. The GDPR applies to your company if it processes personal data of an individual residing in the E.U. when the data is accessed. The GDPR even applies if no financial transaction occurs. Note: I have yet to provide a consultation to any successful online business who isn’t impacted by the GDPR in some manner.

5 - I’m waiting to see what everyone else does;

This response makes sense, but is a terrible way of thinking. What happens when you are one of the early targets of regulators? By then, it will be too late.

The GDPR isn’t going away and this fine against Google is simply the first of many. Far too many companies continue to not take the GDPR seriously and I have no doubt that eventually this line of thinking will backfire; it’s just a matter of when.

Now is the time to be talking to lawyers such as myself who understand the GDPR and can properly assist you in becoming compliant. Kicking the can down the road is not going to work with the GDPR. As an aside, the rest of the world’s governments are taking data privacy and security far more seriously and are actively following enforcement of the GDPR. It’s not beyond the realm of imagination that we will be seeing more stringent laws coming from the federal level in the United States very soon; the State of California is already moving forward with its own online privacy laws that take effect in January 2020.

This article does not constitute legal advice and is provided for your information only and should not be relied upon in lieu of consultation with legal advisors in your own jurisdiction. It may not be current as the laws in this area change frequently. Transmission of the information contained in this article is not intended to create, and the receipt does not constitute, an attorney-client relationship between sender and receiver.

Corey Silverstein is the managing and founding member of the Law Offices of Corey D. Silverstein. His practice focuses on representing all areas of the adult industry and his clientele includes hosting companies, affiliate programs, content producers, processing companies, website owners and developers. He is licensed in numerous jurisdictions, including, Michigan, Arizona, Georgia, New York and the District Columbia. Contact him at MyAdultAttorney.com, corey@myadultattorney.com or (248) 290-0655.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Navigating Age-Related Regulations in Europe

Age verification measures are rapidly gaining momentum across Europe, with regulators stepping up efforts to protect children online. Recently, the U.K.’s communications regulator, Ofcom, updated its timeline for implementing the Online Safety Act, while France’s ARCOM has released technical guidance detailing age verification standards.

Gavin Worrall ·
opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
Show More