EU To Fine Santa Claus For Blatant GDPR Infringement
May 25, 2018
STRASBOURG, FRANCE - The May 25th deadline for GDPR compliance has arrived, and EU regulators are already gearing up to make an example of one of the most egregious violators: Father Christmas.
Long known for his clandestine operations and intrusive data collection practices – especially on minors – jolly old Saint Nicholas finds himself at the top of the EU's naughty list to the tune of the legislation's maximum penalty: 20 million euros or 4% of his worldwide annual turnover, whichever is greater.
According to the framework laid out by GDPR, Kris Kringle is considered to be both a "data controller" and a "data processor". Both of these designations confer great responsibility with respect to stewardship of data collected from EU citizens, yet it appears that Père Noël is wholly unconcerned with these matters and continues to hide behind the North Pole's flimsy excuse for an extradition treaty.
When the holidays come around, Santa Claus may find himself subject to more than just fines. EU regulators suggest that repeated GDPR infractions and fine delinquency can amount to criminal charges in the EU. Absent a course correction, Santa may find himself on the Interpol Wanted Persons list. "Come December 24th, Mr. Claus may slide down a chimney in the EU and find himself in handcuffs", warned Butarelli.