Read

User menu

Search form

How Europe's 'Breakthrough' Privacy Law Takes on Facebook and Google

How Europe's 'Breakthrough' Privacy Law Takes on Facebook and Google
Fri, 4/20/2018 - by Olivia Solon
This article originally appeared on The Guardian

Despite the political theatre of Mark Zuckerberg’s congressional interrogations last week, Facebook’s business model isn’t at any real risk from regulators in the US. In Europe, however, the looming General Data Protection Regulation will give people better privacy protections and force companies including Facebook to make sweeping changes to the way they collect data and consent from users – with huge fines for those who don’t comply.

“It’s changing the balance of power from the giant digital marketing companies to focus on the needs of individuals and democratic society,” said Jeffrey Chester, founder of the Center for Digital Democracy. “That’s an incredible breakthrough.”

Here’s a simple guide to the new rules.
 

What is GDPR?

It is a regulation that requires companies to protect the personal data and privacy of residents of EU countries. It replaces an outdated data protection directive from 1995 and restricts the way businesses collect, store and export people’s personal data.

“Consumers have been abused,” said David Carroll, an associate professor at Parsons School of Design in New York. “Marketers have succeeded in making people feel powerless and resigned to getting the short end of the bargain. GDPR gives consumers the chance to renegotiate that very unfair deal.”
 

Does it only affect European companies?

No. It applies to all companies that process the personal data of people residing in the European Union.
 

What counts as personal data?

Any information related to a person that can be used to identify them, including their name, photo, email address, IP address, bank details, posts on a social networking site, medical information, biometric data and sexual orientation.
 

What new rights do people get?

Under GDPR, people get expanded rights to obtain the data that a company has collected about them for free through a “data subject request”. People will also have the “right to be forgotten”, which means companies must delete someone’s data if they withdraw their consent for it to be held. Companies will only be able to collect data if there’s a specific business purpose for it, rather than collecting extra information at the point of sign-up just in case.

“It makes companies become much more thoughtful and rigorous about the data they collect and what they use it for,” Carroll said.

Companies will have to replace long terms and conditions filled with legalese with simple-to-digest consent requests. It must be as easy to withdraw consent as to give it. Finally, if a company has a data breach, it must inform users within 72 hours.

“What makes this a potential game changer is the amount of power it places into the hands of the public,” said attorney Jason Straight, who is chief privacy officer at legal services company UnitedLex.
 

What about people outside of Europe?

Although it only applies to residents of the EU, the new rules will probably put pressure on companies to offer further protections for the rest of their users. Facebook, for example, has pledged to .

“This will be good for everyone,” said Kris Lahiri, co-founder at the cloud-sharing company Egnyte, pointing out that global customers will demand the same rights as their European counterparts.
 

Which companies have the most work to do?

The big data-hungry technology platforms like Amazon, Google and Facebook and advertising technology companies such as Criteo, whose technology powers those ads featuring products you’ve browsed online that follow you around the internet.
 

What is Facebook doing to comply?

Having said it would follow GDPR “in spirit”, Facebook’s actions tell a different story. On Wednesday Reuters reported that the company would change its terms of service so that its 1.5 billion non-European users would no longer be covered by the privacy law. Until now, all users outside of the US and Canada have been governed by terms of service agreed with the company’s international headquarters in Ireland. Since any user data processed in Ireland will soon fall under GDPR, Facebook is changing the agreement so users in Africa, Asia, Australia and Latin America are governed by more lenient US privacy laws.

Where it needs to comply with GDPR, Facebook seems to have focused its efforts on getting user consent for its data collection practices (including facial biometric data) rather than reducing the data it collects. It has developed a sequence of consent requests that explicitly outline how each type of data will be used. However, as TechCrunch highlighted, the company has designed these requests in a way that makes it harder to opt out than opt in.
 

What about startups who don’t have the same resources?

Complying with GDPR may be a little onerous for companies that don’t have the engineering resources of Facebook or Google. According to a PwC survey, 68% of US companies expect to spend between $1 million and $10 million to comply with GDPR.

And there’s another way they’ll get stung: GDPR consultants charging enormous fees for patchy advice.
 

What are the penalties for companies that don’t comply?

Companies can be fined up to 4% of annual global revenue, but it will come down to how regulators in individual countries choose to enforce the law.
 

When does it come into effect?

The twenty-fifth of May 2018. That’s too early for some: “There’s a panic mode setting in as everyone is getting closer to this deadline,” said Lahiri.
 


Originally published on The Guardian

Sign Up

Article Tabs

Norway Sovereign Wealth Fund, Norwegian divestment, oil divestment, fossil fuel divestments, carbon emissions, Green New Deal, petro-states

Europe's largest oil producer is effectively admitting the oil game is over and promises to divest from the industry – but it wants to play to the final whistle. Can it have it both ways?

Amazon, Amazon Web Services, Amazon cloud storage, Amazon government relationship, Amazon surveillance technology, Amazon financial dominance

Amazon provides is unmatched providing cloud storage to our federal government, gubernatorial organizations and local municipalities, with over 2,000 agencies now dependant on AWS.

Brexit, Brexit failure, leaving the E.U., British turmoil, Brexit no-deal

The rejection of a no-deal left the government crestfallen as its attempt to keep control of the Brexit process by maintaining a no-deal on the table was quashed.

youth climate strike, climate protests, climate walkouts, strike for climate, Greta Thunberg, global youth protests

The global Youth Climate Strike will have its official coming out party this Friday, March 15, when tens of thousands of young people worldwide skip school to protest climate inaction.

Norway Sovereign Wealth Fund, Norwegian divestment, oil divestment, fossil fuel divestments, carbon emissions, Green New Deal, petro-states

Europe's largest oil producer is effectively admitting the oil game is over and promises to divest from the industry – but it wants to play to the final whistle. Can it have it both ways?

Environmental activists occupy the office of then incoming Democratic majority leader Rep. Steny Hoyer, D-Md. (J. Scott Applewhite / AP)

Amid transatlantic proposals for a Green New Deal, monetary policy – normally relegated to obscure academic tomes and bureaucratic meetings behind closed doors – has suddenly taken center stage.

Image Credit: Sara Jane Rhee

Teachers are now understanding that their labor power is part of a broader strategy to even the playing field in a political landscape that is increasingly unequal.

District of Columbia Democratic Attorney General Karl Racine (center) is hiring outside climate counsel to work on matters related to an Exxon investigation. Karl Racine/Facebook

Washington, D.C. Attorney General Karl Racine has revealed plans to hire climate lawyers to focus on an investigation and potential litigation against Exxon Mobil Corp.

billionaires, abolish billionaires, extreme wealth, wealth inequality, income inequality, tax the rich, wealth redistribution, wealth tax

America’s billionaires have suddenly realized they just may be facing an existential crisis: A good chunk of the American people, they now understand, would rather billionaires not exist.

Posted 4 days 5 hours ago
Amazon, Amazon Web Services, Amazon cloud storage, Amazon government relationship, Amazon surveillance technology, Amazon financial dominance

Amazon provides is unmatched providing cloud storage to our federal government, gubernatorial organizations and local municipalities, with over 2,000 agencies now dependant on AWS.

Posted 2 days 5 hours ago
Brexit, Brexit failure, leaving the E.U., British turmoil, Brexit no-deal

The rejection of a no-deal left the government crestfallen as its attempt to keep control of the Brexit process by maintaining a no-deal on the table was quashed.

Posted 3 days 5 hours ago
Image Credit: Sara Jane Rhee

Teachers are now understanding that their labor power is part of a broader strategy to even the playing field in a political landscape that is increasingly unequal.

Posted 1 day 16 hours ago
Norway Sovereign Wealth Fund, Norwegian divestment, oil divestment, fossil fuel divestments, carbon emissions, Green New Deal, petro-states

Europe's largest oil producer is effectively admitting the oil game is over and promises to divest from the industry – but it wants to play to the final whistle. Can it have it both ways?

Posted 15 hours 55 min ago
Image Credit: Sara Jane Rhee

Teachers are now understanding that their labor power is part of a broader strategy to even the playing field in a political landscape that is increasingly unequal.

Bouteflika protests, Algeria protests, second Arab Spring, Algeria youth, Algeria elections

Hundreds of thousands gathered at capital Algiers' landmark Grand Poste square demanding the president step down.

Brexit, Brexit failure, leaving the E.U., British turmoil, Brexit no-deal

The rejection of a no-deal left the government crestfallen as its attempt to keep control of the Brexit process by maintaining a no-deal on the table was quashed.

District of Columbia Democratic Attorney General Karl Racine (center) is hiring outside climate counsel to work on matters related to an Exxon investigation. Karl Racine/Facebook

Washington, D.C. Attorney General Karl Racine has revealed plans to hire climate lawyers to focus on an investigation and potential litigation against Exxon Mobil Corp.

Amazon, Amazon Web Services, Amazon cloud storage, Amazon government relationship, Amazon surveillance technology, Amazon financial dominance

Amazon provides is unmatched providing cloud storage to our federal government, gubernatorial organizations and local municipalities, with over 2,000 agencies now dependant on AWS.