On May 25, Europe‘s new set of Internet privacy rules, the General Data Protection Regulation (GDPR), will go into effect – reshaping the way our online world works.
From that date, if your personal data is being used by any company in the European Union, then you have rights that didn’t exist before. This has a global impact because so many internet companies have employees or users somewhere in Europe.
GDPR does have good intentions, however, some of the law itself really breaks the internet.
Data is a billion-dollar industry and the new law applies to all global Internet companies processing user data in the EU. They include everything from credit card details to photos and even biometric data.
This is in response to protect internet users in light of the Cambridge Analytica scandal involving their illegal harvesting of data to craft ads supporting Donald Trump‘s election campaign and the Brexit campaign.
Under the new rules, companies must clearly ask for consumer’s consent to harvest data, so they have to actively “opt-in” and be informed how their data is being used and for what purpose.
Those in breach of GDPR can be fined up to four percent of annual global turnover. And users who no longer want their personal data processed have the right to be forgotten and have their data deleted.
Winners and losers of GDPR
Jason Bier of Engine Media Group believes that “GDPR does have good intentions, however, some of the law itself really breaks the internet.”
“There’s a lot of confusion in how … personal data will be interpreted by the data protection authorities in each member state,” says Bier.
“There has been the addition of an IP address, which is considered personal data, that if it’s processed before consent is given by the user that would be a violation of the GDPR. And as we all know the IP address is an essential building block of the Internet. Every communication that’s sent between a device and the webpage exchanges that simple data.”
“So it’s really a question of, what is consumer data, what is personal data? And that definition has been broadened dramatically.”
Bier thinks Google and Facebook will be empowered by GDPR, because “they’re very familiar to people, their services are widely used … so they’re going to get opt-in consent. That’s really the issue here. Small businesses can’t get opt-in consent because they don’t collect personally identifiable information like Google and Facebook do … They’re going to collect more, not less, data on individuals and associate that to personally identifiable information.”
Diego Naranjo, a senior policy adviser at European Digital Rights, doesn’t agree with Bier that the new privacy rules will benefit big companies like Google or Facebook.
“The new regulation brings a lot of strength and mechanisms, it brings potential big sanctions, so I don’t think they will be able to directly benefit from it. If they follow the rules, they will be able to do their business as anybody else. Of course, they’re big, so they’ll be able to adapt quickly but I’m not sure this will reinforce these two companies – but rather the opposite,” says Naranjo.
He admits that not enough has really been done to educate and inform people about GDPR and its implications.
“We’ve been telling the European Commission that such a change needs a proper campaign to tell people how their rights are going to be reinforced. We’ve seen a lot of misinformation by private companies who see their business model potentially affected by this regulation,” says Naranjo.
Source: Al Jazeera