Converting the value of personal data into a win-win

This landmark 200th edition of PL&B International Report(1) is forward-looking in several ways.

The two articles on this edition’s front page were written by our young Researchers who focus on EU level cross-regulatory cooperation, and data equity. We consider that both subjects will have a substantial impact on business in the future.

The Reports often cover regulatory cooperation but data equity is a relatively new subject in the form of a working model. I introduced the concept of data equity in my blog on 1 December 2025(2) but this article shows how it is being converted into a working business model by WAGOI for connected cars. We expect that other areas will follow, such as smart homes, smart devices and wearables as well-informed consumers aim to derive value from the personal data they generate in their everyday lives.

Reputational damage but a rise in stock value

The launch of the WAGOI business model about sharing the value of data produced by connected cars coincided in the US in late March with one of the most significant challenges to social media companies in terms of the court judgements against Meta and Google in California and New Mexico.(3)

In California Snap and TikTok were also defendants in the trial but both settled with the plaintiffs before the trial began which meant that Meta and Google attracted by far the most negative publicity.

The jury finding Meta liable for $4.2 million in damages and Google $1.8 million in damages, in a decision announced on 25th March may be of minor importance to the companies in money terms, and they will appeal these decisions. But the wider question is the extent to which these cases mark a change in public sentiment raising awareness of alleged addictive design features. A Financial Times article stated: “...the latest court ruling in Los Angeles that Google and Meta were liable for the addictive harm they caused to children may lead to a more serious techlash.”(4)

Despite reputational damage, the stock market value of both companies edged up in the following days.

A civil penalty on Meta of $375 million

In a separate case brought by Paul Torrez, New Mexico’s Attorney-General, a jury on 24 March found Meta liable and the court imposed a civil penalty on the company of $375 million. Reuters reported that the A-G “accused the company of misleading users about the safety of Facebook, Instagram and WhatsApp and of enabling child sexual exploitation on those platforms.”

The BBC reported “The jury found that Meta was responsible for violating New Mexico's Unfair Practices Act because it misled the public about the safety of its platforms for young users…. Meta argued that it has worked over the years to combat problem users of its platforms and promote safe experiences for minors.”(5)

In a different case in California, on 11 February Disney chose to settle a case with the state Attorney-General without admitting liability by paying a penalty of $2.75 million and agreeing to provide an easy opt-out process and a clear notice about behavioural advertising.

A path for social media companies to share the value of personal data

If tech companies choose to embrace and implement sharing the value of user-created data on terms which users find acceptable, then they may be able to reduce the resentment that some users feel in the current balance between giving away their personal data in exchange for free or nearly free services.

European large DPA fines usually not paid

In this edition, we publish detailed research which shows that the fines imposed by European Data Protection Authorities, mainly on US-based major tech companies, have so far only very rarely been collected. This finding damages respect for the rule of law and the efficient functioning of the legal system. I note that Spain’s Data Protection Authority, the AEPD, distinguished by its imposition of many relatively small fines, appears nowhere in this study.

The EU Digital Omnibus Package

The EU Digital Omnibus Package is the current dominant privacy related initiative in Brussels attracting attention from lobbyists on all sides. The word “omnibus” literally means “for everyone”. This is the rationale for the EU blue coloured bus image for PL&B’s 39th International Conference with the title: Digital Regulation: The fundamental things apply. The conference will discuss this initiative in detail.

Privacy advocates, the European Data Protection Board and the European Data Protection Supervisor, argue that, of course, fundamental rights should apply to new initiatives. Business groups, aware of the GDPR’s influence around the world, argue the case (based on a decision of the Court of Justice of the European Union)(6) for clarification and simplification. They make the case for interpreting the definition of “personal data” in a more flexible way, for example, for pseudonymisation and against the right of access to such data by individuals.

Ireland conference 14 May, Dublin

We build on our focus on EU developments with our Ireland Conference on 14 May hosted by McCann FitzGerald, in Dublin with the title: Ireland and EU privacy/digital laws: New horizons with speakers including:

• Michael McGrath, European Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection
• Dr Des Hogan, Commissioner for Data Protection, Ireland
• Jennifer Dolan, Deputy Commissioner, Ireland on regulatory co-operation in Ireland and across the European Economic Area, and
• Cathal Ryan, Deputy Commissioner, Ireland, on AI policy issues.

PL&B’s 39th International Conference, 6-8 July, St. John’s College, Cambridge

Over 3 days the residential Privacy Laws & Business 39th International Conference Digital Regulation: The fundamental things apply features 60+ speakers from 12 countries in 27 sessions. The main themes are Law, Management and Tech. We cover some subjects for the first time, such as:

• Digital vulnerability: Data privacy and consumer law compared with a speaker from BEUC, the European consumer organisation
• A debate at the Cambridge Union on the motion: This House considers there is a need for specific laws to govern the use of online services by children
• Excessive reliance on the criminal law damages physical and data privacy.

We look forward to meeting you in May, July and October at PL&B’s events.

Stewart Dresner 
Publisher, Privacy Laws & Business

April 2026