WELCOME to Connected Rights, your bubble in the bath of digital rights news and analysis.

Enjoy this newsletter? Forward it to a friend or get them to sign up. I’m David Meyer, aka @superglaze on Twitter and @davidmeyerwrites on Facebook. Don’t forget to check out the Connected Rights website and download a copy of my book, Control Shift: How Technology Affects You and Your Rights. Benvnuwe!

THE FIRST BIG GDPR FINE IS HERE. Congratulations, Google!

The Big G won its fine from French privacy watchdog CNIL for railroading users into “consenting” to having their data processed for ad-personalisation purposes. The regulator said people weren’t presented the information in a user-friendly way, some information was vague or missing, and the result was that there was no proper consent, so Google did not have a valid legal basis for the data-processing.

As some quickly pointed out, €50 million is not a huge deal for a company like Google. True – although as CNIL was once upon a time only able to wield fines of up to €150,000, it’s a much huger deal than before. But those who scoff at the amount are missing part of the point of the GDPR.

As I noted in a piece for Fortune, the new privacy regime isn’t just about big, one-off fines. Google doesn’t get to just shrug this off – if the company doesn’t change its ways, regulators can in theory cut off the flow of data to it from European users. Ultimately, the GDPR is about protecting people by forcing companies to alter their behaviour.

As for whether that happens in this case, well, Google claims it is trying to fix the problem. And as for how others should respond, here’s a great quote from the Financial Times‘ chief commercial officer, Jon Slade:

“This is the regulators going for the most public — and arguably prolific — name in town when it comes to the use of consumer data. But publishers and anyone handling data would be crazy not to look at this strong enforcement of GDPR and double-check themselves. The interpretation of GDPR has been inconsistent at best, and in some cases has wilfully chosen to ignore both the letter and the spirit of the regulation. The industry now can’t say it hasn’t been warned.”

SWEDEN’S DATA PROTECTION AUTHORITY IS ALSO going after Google – it’s opened an investigation to follow up on complaints from consumer protection advocates about how Google collects Android users’ location data.

THOSE IN THE TECH INDUSTRY OFTEN LIKE TO CLAIM that people these days understand what’s being done with their data. Not so much, it turns out. New Pew Research shows that 74% (!) of Americans did not know Facebook maintains a list of their interests and traits. Proof that the Cambridge Analytica scandal went way over most people’s heads.

THE EU’S BIG COPYRIGHT REFORM MAY NOT actually happen – at least, maybe not with the bits about charging fees for news snippets (Article 11) and forcing companies to scan everything that users upload for copyright violations (Article 13). Monday’s trilogue discussion between EU member states and parliament was called off, because the countries can’t agree on the way forward, so there’s no negotiating mandate.

According to reports, Germany wants a bigger carve-out for small and medium-sized businesses, and France wants a smaller one. The Romanian presidency of the Council, which is supposed to be steering the discussions, wants the snippets stuff to exclude “individual words and very short extracts of a press publication”.

The Romanians’ compromise text was rejected by Germany, Belgium, the Netherlands, Finland, Slovenia, Italy, Poland, Sweden, Croatia, Luxembourg and Portugal. And, as gleefully noted by Article 13 nemesis Julia Reda, even rightsholder groups are turning their backs on the contentious proposal.

“The outcome of today’s Council vote also shows that public attention to the copyright reform is having an effect,” Reda wrote on Friday, while warning that Articles 11 and 13 weren’t dead yet. “Keeping up the pressure in the coming weeks will be more important than ever to make sure that the most dangerous elements of the new copyright proposal will be rejected.”

RUSSIA’S MEDIA WATCHDOG IS SUING Facebook and Twitter because the U.S. firms haven’t given it the information it wants about their localisation of Russian users’ data in Russia.

The snub will probably earn the companies a positively homeopathic fine of $75 each, but it could ultimately be a precursor to them being blocked in Russia, as drastic as that would be. LinkedIn got blocked for refusing to comply with the data localisation law, after all.

While on the subject of Russia’s draconian online crackdowns, how about this, from culture minister Vladimir Medinsky: “There will be a clampdown [on anonymous internet use] throughout the globe in the future. I guarantee that we will get access to the internet ‘via a passport’ in the future, not just in Russia, but across the whole wide world. This matter will be resolved during our lifetime.”

THE INDIAN GOVERNMENT WANTS TO INTRODUCE new social media rules that would require the likes of Facebook and Twitter to censor information deemed inappropriate by the authorities, and to serve up users’ secret messages if requested.

The move is supposedly about fighting child abuse imagery and slowing down the spread of fake news, but civil liberties advocates are wary, to say the least.

And speaking of fake news, WhatsApp now limits the number of chats to which users can forward messages – the limit is now five rather than the 20 that was being tested (though in India the limit was already five, because the country has had a serious problem with child abduction rumours leading to mob lynchings).

ZIMBABWE’S HIGH COURT HAS RULED that the country’s internet and social media shutdowns were illegal. “High Court judge Justice Owen Tagu on 21 January 2019 ruled that the Minister of State in the President’s Office Responsible for National Security does not have the authority to issue any directives in terms of the Interception of Communications Act,” said freedom-of-expression group MISA Zimbabwe in a statement.

“The decision, therefore, means that mobile network operators and Internet service providers should restore full Internet access including access to social media applications and websites. Access to applications such as WhatsApp and Facebook had been restricted since the morning of Tuesday 15 January 2019.”