Interviews, insight & analysis on digital media & marketing

Socially irresponsible: How data protection fines from Big Tech and social media platforms are eroding digital trust

By Angel Maldonado, CEO at

GDPR was meant to change things. But fast forward to 2023 and Big Tech companies are still pushing the bounds of consumer digital privacy.

They have the fines to prove it. This January, Meta was handed a €390m penalty for breaches across Facebook and Instagram, regarding the use of personal data to target advertising. It’s the latest ruling in the ongoing fight between Meta and Ireland’s Data Privacy Commissioner: to date, Meta has now been fined €1.3 billion euros by the DPD. But Meta isn’t alone in falling foul of EU regulations – Amazon still holds the GDPR fine record for its €746 million penalty, issued in 2021.

Regulation or no regulation, there’s still an unethical attitude that consumer data is there for the taking. GDPR didn’t deliver the hoped-for transformation in data relationships because businesses saw it as a legal burden or a boundary to test, not an opportunity to evolve. The almost deliberately confusing consent banners on websites – and the fact that Google is continuing to kick its third-party cookie ban down the road – demonstrates the widespread lack of commitment to consumer protection.

The problem for businesses is that consumers had a different response to GDPR. Beyond the relief of cancelling forgotten email subscriptions, the legislation awakened the public to the use and misuse of their personal information, creating increasingly data conscious consumers who want more control and clarity around their data.

The result is a tense relationship between tech companies and consumers as they battle over individuals’ personal information. Big Tech’s continued privacy breaches and abuses are polluting the digital ecosystem and creating an environment of distrust where consumers – with good reason – feel unsafe online. Exploitative business models have turned people into personal information mines, with no thoughts as to the consequences of selling such detailed, historically private information. The impact the business models currently implemented by Big Tech have not only on consumers but businesses can’t be understated. The likes of Google and Meta now make up so much of the digital infrastructure that we are all reliant on in a modern society, the knock on effects of these privacy breaches are huge.

However, there’s a financial, as well as ethical, imperative for companies to change the way they do things, beyond avoiding the DPD’s fines. As data awareness increases, consumers are using privacy practices to decide between different brands. Research published last year by McKinsey found that almost one in two (46%) of consumers will often or always consider another brand if the one they are considering purchasing from is unclear about how they will use their data. And 53% of consumers will make online purchases or use digital services only after making sure that the company has a reputation for protecting its customers’ data, rising to 58% among millennials and Gen Z.

Repairing tech’s reputational damage and restoring digital trust will take time – but it is possible. It will demand a complete attitude shift on behalf of tech and social media companies. Instead of looking to extract the maximum information from every individual, businesses should lead with a privacy-first approach that protects consumer data as if it were their own.

Privacy-first doesn’t mean downgrading consumer interactions. For instance, AI tools can still provide retailers with actionable consumer insights and give customers shopping contextualisation by drawing on collective shopping behaviour, rather than individual shopper actions. This means no personally identifiable information such as user IDs, location data, images, voice, device or browser information are stored and consumers don’t have to trade personal information for access. It’s the ethical, empowering way of relating to consumers in this digital age.

The recent fines levied against Big Tech are more than million-euro headaches for their lawyers and accounting teams. They represent the continual smashing away of consumer trust and the destruction of the relationship between companies and customers, which is warping the digital ecosystem. But it’s not too late to turn things around. Choosing to empower consumers through a privacy-first approach can repair this relationship and help end the data battle, giving consumers maximum respect whilst still using behavioural insights to curate digital experiences.

GDPR was meant to change things – now privacy-first can pick up the baton.