Read

User menu

Search form

How Europe's 'Breakthrough' Privacy Law Takes on Facebook and Google

How Europe's 'Breakthrough' Privacy Law Takes on Facebook and Google
Fri, 4/20/2018 - by Olivia Solon
This article originally appeared on The Guardian

Despite the political theatre of Mark Zuckerberg’s congressional interrogations last week, Facebook’s business model isn’t at any real risk from regulators in the US. In Europe, however, the looming General Data Protection Regulation will give people better privacy protections and force companies including Facebook to make sweeping changes to the way they collect data and consent from users – with huge fines for those who don’t comply.

“It’s changing the balance of power from the giant digital marketing companies to focus on the needs of individuals and democratic society,” said Jeffrey Chester, founder of the Center for Digital Democracy. “That’s an incredible breakthrough.”

Here’s a simple guide to the new rules.
 

What is GDPR?

It is a regulation that requires companies to protect the personal data and privacy of residents of EU countries. It replaces an outdated data protection directive from 1995 and restricts the way businesses collect, store and export people’s personal data.

“Consumers have been abused,” said David Carroll, an associate professor at Parsons School of Design in New York. “Marketers have succeeded in making people feel powerless and resigned to getting the short end of the bargain. GDPR gives consumers the chance to renegotiate that very unfair deal.”
 

Does it only affect European companies?

No. It applies to all companies that process the personal data of people residing in the European Union.
 

What counts as personal data?

Any information related to a person that can be used to identify them, including their name, photo, email address, IP address, bank details, posts on a social networking site, medical information, biometric data and sexual orientation.
 

What new rights do people get?

Under GDPR, people get expanded rights to obtain the data that a company has collected about them for free through a “data subject request”. People will also have the “right to be forgotten”, which means companies must delete someone’s data if they withdraw their consent for it to be held. Companies will only be able to collect data if there’s a specific business purpose for it, rather than collecting extra information at the point of sign-up just in case.

“It makes companies become much more thoughtful and rigorous about the data they collect and what they use it for,” Carroll said.

Companies will have to replace long terms and conditions filled with legalese with simple-to-digest consent requests. It must be as easy to withdraw consent as to give it. Finally, if a company has a data breach, it must inform users within 72 hours.

“What makes this a potential game changer is the amount of power it places into the hands of the public,” said attorney Jason Straight, who is chief privacy officer at legal services company UnitedLex.
 

What about people outside of Europe?

Although it only applies to residents of the EU, the new rules will probably put pressure on companies to offer further protections for the rest of their users. Facebook, for example, has pledged to .

“This will be good for everyone,” said Kris Lahiri, co-founder at the cloud-sharing company Egnyte, pointing out that global customers will demand the same rights as their European counterparts.
 

Which companies have the most work to do?

The big data-hungry technology platforms like Amazon, Google and Facebook and advertising technology companies such as Criteo, whose technology powers those ads featuring products you’ve browsed online that follow you around the internet.
 

What is Facebook doing to comply?

Having said it would follow GDPR “in spirit”, Facebook’s actions tell a different story. On Wednesday Reuters reported that the company would change its terms of service so that its 1.5 billion non-European users would no longer be covered by the privacy law. Until now, all users outside of the US and Canada have been governed by terms of service agreed with the company’s international headquarters in Ireland. Since any user data processed in Ireland will soon fall under GDPR, Facebook is changing the agreement so users in Africa, Asia, Australia and Latin America are governed by more lenient US privacy laws.

Where it needs to comply with GDPR, Facebook seems to have focused its efforts on getting user consent for its data collection practices (including facial biometric data) rather than reducing the data it collects. It has developed a sequence of consent requests that explicitly outline how each type of data will be used. However, as TechCrunch highlighted, the company has designed these requests in a way that makes it harder to opt out than opt in.
 

What about startups who don’t have the same resources?

Complying with GDPR may be a little onerous for companies that don’t have the engineering resources of Facebook or Google. According to a PwC survey, 68% of US companies expect to spend between $1 million and $10 million to comply with GDPR.

And there’s another way they’ll get stung: GDPR consultants charging enormous fees for patchy advice.
 

What are the penalties for companies that don’t comply?

Companies can be fined up to 4% of annual global revenue, but it will come down to how regulators in individual countries choose to enforce the law.
 

When does it come into effect?

The twenty-fifth of May 2018. That’s too early for some: “There’s a panic mode setting in as everyone is getting closer to this deadline,” said Lahiri.
 


Originally published on The Guardian

Sign Up

Article Tabs

Greek economic crisis, Greek bailout, Syriza party, Greek austerity measures, E.U. bailouts, Alexis Tsipras

Poverty, privatizations, debt – in Greece, which just officially "ended" its bailout program, the silent majority can't let go their fear that this might just be the prelude to something worse yet to come.

California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.

cybersecurity programs, US cybersecurity, Fox journalists, Fox influence, biased reporting, Fox spin, Donald Trump

It’s not clear why 43-year-old Fox News general assignment reporter Lea Gabrielle would be the answer to the State Department's long-lasting cybersecurity problems.

Black Lives Matter is no longer a target for domestic oppression. The threat of their human rights work has now peaked the interest of oppressive entities abroad.

teacher strikes, treacher pay, union busting, right to work, Janus decision, teacher demands, union support

While many teachers and their unions in the major strike states are still in a watching and waiting mode, the revolt has spread and militancy is growing.

Greek economic crisis, Greek bailout, Syriza party, Greek austerity measures, E.U. bailouts, Alexis Tsipras

Poverty, privatizations, debt – in Greece, which just officially "ended" its bailout program, the silent majority can't let go their fear that this might just be the prelude to something worse yet to come.

“We just want to be able to take care of ourselves as men and women, in this Department of Corrections,” a strike participant from a South Carolina prison said.Photograph by David Paul Morris / Bloomberg / Getty

Wages for incarcerated workers are typically cents per hour, and several states—Alabama, Arkansas, Mississippi, Texas, and South Carolina—use prisoner labor without paying them at all.

Occupy Wall Street, OWS, Occupy protests, Zuccotti Park, wealth inequality, Occupy anniversary

How a movement that eschewed electoral politics is now showing up everywhere in the 2018 progressive resurgence.

California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.

too big to fail, public banks, public banking, Bank of North Dakota, financial crisis

When the next crisis hits, the public will once again be called upon to step in and bail out Wall Street. We need to start seriously preparing an alternative response: public banks.

cybersecurity programs, US cybersecurity, Fox journalists, Fox influence, biased reporting, Fox spin, Donald Trump

It’s not clear why 43-year-old Fox News general assignment reporter Lea Gabrielle would be the answer to the State Department's long-lasting cybersecurity problems.

Posted 5 days 20 hours ago

Black Lives Matter is no longer a target for domestic oppression. The threat of their human rights work has now peaked the interest of oppressive entities abroad.

Posted 6 days 21 hours ago
California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.

Posted 1 day 18 hours ago
Illustration by Selman Design; Photographs by Tammy Bradshaw, Seth Wenig/Associated Press, Mark Makela for The New York Times, and Jeff Swensen for The New York Times.

Why the pitch from Alexandria Ocasio-Cortez and Bernie Sanders resonates in 2018.

Posted 6 days 21 hours ago
President Trump, Vice President Pence and first lady Melania Trump visit the Federal Emergency Management Agency headquarters in Washington, D.C., on June 6. Secretary of Homeland Security Kirstjen Nielsen and FEMA Administrator Brock Long are seated at r

As Hurricane Florence bears down on the East Coast, a "reprehensible" disclosure.

Posted 5 days 20 hours ago
Illustration by Selman Design; Photographs by Tammy Bradshaw, Seth Wenig/Associated Press, Mark Makela for The New York Times, and Jeff Swensen for The New York Times.

Why the pitch from Alexandria Ocasio-Cortez and Bernie Sanders resonates in 2018.

cybersecurity programs, US cybersecurity, Fox journalists, Fox influence, biased reporting, Fox spin, Donald Trump

It’s not clear why 43-year-old Fox News general assignment reporter Lea Gabrielle would be the answer to the State Department's long-lasting cybersecurity problems.

too big to fail, public banks, public banking, Bank of North Dakota, financial crisis

When the next crisis hits, the public will once again be called upon to step in and bail out Wall Street. We need to start seriously preparing an alternative response: public banks.

Black Lives Matter is no longer a target for domestic oppression. The threat of their human rights work has now peaked the interest of oppressive entities abroad.

California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.