You’ve probably been getting tons of emails from various online platforms you’re on; Facebook, Twitter, Quora, Reddit, plus tons of others you didn’t know you had an account with. If so, you’re not alone. Hundreds of companies are scrambling to update their data privacy policies ahead of a new European Union law that took effect on Friday, May 25th.
The new rule is officially called General Data Protection Regulation (GDPR) originates from Europe but have a far reaching impact. It is a set of new privacy policy guidelines that are much more economical when rolled out globally.
So what is GDPR?
Ideally, GDPR going into effect means it is now unacceptable for a company or business that’s operating in Europe to ‘Click-to-approve’ Terms of service that is several pages long and spewed with technical and legal terms that the average user may not relate with or understand. These companies are now required to present and explain their Privacy Policy to the consumers in a clear and concise way that is easily understood by every average user or consumer.
As mentioned, these rules apply to not just European companies but also any company that has any form of operation or consumers in the European Union. This basically means any platform that’s used globally. That’s why you’ve also been getting these emails. Also, GDPR doesn’t necessarily affect the tech industry alone. All consumer-facing and even non consumer-facing companies are required to comply with this new regulation which means you will be receiving these mails well into the next few weeks. 25th May was the day the new law went into effect but late adopters are bound to keep rolling these privacy features as they implement them on their platforms. But these aren’t the only changes that come with GDPR coming into effect.
The 3 main changes GDPR requires companies to make include;
- Consent– Initially, companies would among other things, add you to a mail list without expressly asking you to opt in. That is called ‘Implied Consent. With GDPR in effect, companies must explicitly gain approval prior to collecting any personal data for anyone in the E.U.— things like name and home address, IP address, location, credit card numbers, age and gender, and more— as well as spelling out what info they’re collecting, how they’re storing it, who has access to it, and how it will be used. Plus, that consent must be easy to withdraw or change. Companies are also required to maintain documentation of your obtained consent.
- Transparency– Companies that suffer breaches or whose consumers’ data get compromised are supposed to report to the authorities and to the consumers within 72 hours of first knowing about this breach.
- Data portability- Under this, companies are required to provide users with access to their data should they want to abandon the platform. This means users can download their data and delete their account and the company will not keep anything once a user deletes their account. This is called the right to be forgotten.
Penalties for non-compliance
To ensure compliance, the European Union is not messing around. Companies that fail to comply with this new regulations could face hefty fines of up to 4% of their annual revenue or 20 million euros, whichever is higher.
A lot of people are drawing parallels between this new regulations and the Cambridge Analytica scandal. And for the most part this is true. GDPR is coming into effect to try and minize the chances of another misuse of user data.
GDPR also offers users and consumers some hope that we’re not entirely powerless in the face of these new age monopolies like Facebook. Companies that make Billion of dollars off of our data, our data that they collect with or without our consent. It is a testament that the internet could actually be policed after all..
Featured Image courtesy of BuzzFeed