A week into 2024 and Big Tech has earned enough to pay off all 2023 fines

“Things need to change,” said Swiss privacy firm Proton

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

2023 surely was an eventful year in tech. To cite just a few key moments, generative AI became mainstream thanks to software likeChatGPT; we had to say goodbye to the iconic blue bird while welcoming Twitter’s new name (I know very well the pain of writing ‘X, formerly known as Twitter’ over the past six months); and big tech companies got fined the most under GDPR’s data abuses for a total of more than $3 billion.

Well, on the latter point, data protection regulators' efforts turned out to be not as effective as it was hoped they’d be.

Swiss privacy firm behind popular email andVPN service, Proton reported that only after a week into 2024 the likes of Meta,Google,AppleandMicrosoftearned enough to pay off all last year’s fines. Let’s take a look at what needs to change and, most importantly, what you can do in the meantime to truly protect your privacy.

Ineffective data protection fines

“What’s clear is that these fines, though they appear to be a huge amount of money, in reality are just a drop in the ocean when it comes to the revenues that the tech giants are making. In other words, they aren’t a deterrent at all,” Jurgita Miseviciute, Head of Public Policy & Government Affairs at Proton, told me.

Researchers at Protonhave calculatedthat Alphabet (Google’s parent company) needs only a bit more than a day to pay off its $941 million fines.Amazonand Apple’s earnings of just a few hours are then enough to repay their data protection’s sanctions of  $111.7 and $186.4 million respectively.

While biggest data abuse perpetrator Meta, which got arecord $1.3bn finefor its (mis)handling of EU user data in May last year, managed to accumulate all the necessary money in just about five working days.

If you think big fines work on #BigTech, think again.@Google, @Apple, @Meta, @Amazon, and @Microsoft generated enough revenue in the past 7 days to pay off their fines for 2023.Taking advantage of your privacy is so lucrative, that these fines are nothing more than the cost… pic.twitter.com/cGprAwS0hoJanuary 8, 2024

These findings make it clear that data regulators' fines, as founder and CEO of Proton Andy Yen put it, are “little more than pocket change for these companies” instead of a mean to stop them abusing users' data. Not only that, he said, as “these minuscule fines essentially give the green light to tech giants to run riot in a marketplace skewed in their favor.”

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

It’s also quite common that big tech firms might appeal to these sanctions or simply refuse to pay, delaying the repayment for years. Take how Google contested India’s fine, for instance, about the Android-related inquiry forabusing its dominant positionin the market which started in 2019.

On this point, Yen said: “It’s the average consumer that’s losing out—facing higher prices, less choice, and no privacy. It has to stop and we need real, tangible change that puts people first, not profits.”

According to Miseviciute, there are two main things that must happen for things to really change.

Fully enforced in May 2023, theEU Digital Market Act(DMA)brought new obligations for tech companies to ensure fair competition and protect people’s digital rights. A similar bill, so-calledDigital Markets, Consumer and Competition Bill (DMCC)is currently passing through the UK Parliament, too.

For starters, she believes that governments have to issuefines with a real financial effectin order to fight back against big monopolies.

“That’s why fines up to even 20% of global revenues for breaches of laws such as the EU’s DMA [Digital Market Act] and up to 10% in case of  the proposed DMCC [Digital Markets, Competition and Consumers] Bill in the UK are a step in the right direction,” she told me.

If heavier sanctions are important, they are not everything. Miseviciute explained that regulators need tocombine these with practical measuressuch as enforced behavioral and structural changes, for example.

Again, she sees the EU quite well-placed to do so due to the new powers gained with the DMA. However, elsewhere there are also some small steps in this direction.

“We hope Google’s antitrust trial in the US serves as a catalyst for comprehensive antitrust regulation on the other side of the Atlantic. We also see promising potential regulatory developments in South Korea, Japan, Australia and other major jurisdictions,” she told me.

“If you open up the marketplace, and you give innovators like Proton a chance to succeed, you’ll get solutions that are more private and more secure for consumers.”

How to protect your online privacy

As we have seen, 2023 was yet another hard year for our online privacy.

The US, for instance, still lacks a federal data protection law with the proposedADPPAbeing stalled at the time of writing. Enforced in August last year,India’s new privacy lawwas strongly criticized for favoring government and big tech instead of citizens. Well, where allegedly strong legislations are in place like in the EU, these seem to have not enough teeth just yet.

Commenting on this point, Miseviciute told me: “Until laws like the DMA in the EU and the proposed DMCC in the UK are effectively put into practice we are living in a world where big tech rules the internet—and all our privacy is at the mercy of their surveillance capitalism business model.”

Two thirds of people in the UK would rather lose their passport than access to their email account. Yet, despite these concerns, most of them lack the necessary knowledge and tools to protect their digital privacy.Big Tech knowsthat, researchers revealed.

The glimpse of light in this gloomy scenario is that it’s ultimately our choice if we want to keep using data-hungry products. Luckily, there are some smaller companies offering privacy-first alternatives you can switch to.

On its part, Proton appear to have been working hard tocut Google outof our digital life. Likewise the popular service, the Swiss-based provider offers an encrypted email serviceProton Mail(which even beat the big tech giant by landing with astandalone desktop appin December), secure calendar and its own cloud storageProton Drive, too.

Proton’s product offering also includes one of the bestvirtual private networkapps on the market (Proton VPN) to help you boosting your anonymity while browsing among other things, as well as apassword managertool (Proton Pass) to secure all your login details. Even better as all the provider’s services come both with free and paid plans.

However, Proton is just one of the many companies developing privacy-first alternatives to big tech software. Worth a mention there are also encrypted messaging appSignalif you wish to replaceWhatsAppwith a more secure application andMullvad browserto make the switch from Safari and Chrome.

We test and review VPN services in the context of legal recreational uses. For example:1.Accessing a service from another country (subject to the terms and conditions of that service).2.Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

What a new Trump mandate could mean for American data privacy rights

Undermining your privacy? Session says no and leaves Australia

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics