A lot will change after the General
Data Protection Regulation (GDPR) comes into force across Europe on
May 25. While the regulation comes into effect across EU member states “to harmonise
data privacy laws”, its impact will be felt across the world.
But what is this new regulation?
Enacted in 2016, GDPR ensures data
protection and privacy for all those living within the EU, and also prevents
the export of personal data outside its territories. Simply put, it deals
with three primary areas: personal data, consent for its use, and
privacy by design. The EU defines personal data as all information
“related to an identified or identifiable natural person”.
While a lot of this such as
names, phone numbers and credit card information is clearly defined, there are grey
areas where work timings, answers in a test, and even opinion can be defined
as personal data. On consent, GDPR states that processing personal data is
“generally forbidden if it is not expressly allowed by law”, or the “impacted
persons have not consented” to the data being used. Even the basic
requirements of consent have been defined and “must be voluntarily granted”,
that too after “sufficient information” is provided to the person involved.
The thought behind the concept of
“privacy by design” is to ensure “data protection through technology design” —
the idea that data processing procedures are best adhered to when they are
integrated at the point at which the technology is created. The enactment of GDPR
changes the game drastically for most Internet companies, which are fuelled
in every sense by the data of users. From algorithms that define the
product to business models that make them multi-billion dollar entities, almost
everything these firms do originates from the small bits of data they collect
from users.
A lot of this data is offered
voluntarily by users, but not always because they are fully aware of what
data they are creating, what they are transmitting, and how it is used. If
access to this data is capped, because GDPR will need users to give explicit
consent to use their data, a lot of the products offered by these companies
will not be as effective as they have been so far. The implications are still
being understood, and range from a lot of Internet services being off-limits
for those under age 16 to the death of unsolicited marketing emails.
Over the last one month,
Internet companies have been trying to comply with these new regulations,
whether they like it or not. While Facebook CEO Mark Zuckerberg told the
European Parliament this week that his company will be fully compliant by the
deadline, it seems unlikely that other Internet companies will be fully
GDPR-ready. This could potentially lead to a spate of litigation in the
coming months.
However, what will worry
companies across the world is GDPR’s push for the right of access, which
gives users in EU the ability to ask for what information a company has about
them. This can be followed through with requests for correction or even
erasure. It is going to be a struggle for any company to comply
with such requests, given that they will have such data across multiple
servers in different geographies and varied formats.
For companies that have been
stashing user data for decades, this is nothing short of a nightmare. On the
flip side, the European data protection standards might end up becoming the
default for the rest of the world as companies struggle with different
policies for different geographies. Microsoft, for instance,
has announced that it will “extend the rights that are at the heart of GDPR
to all of our consumer customers worldwide”. If more companies follow suit,
it will be good for consumers in countries like India, where user data is
still up for grabs for the highest bidder.
Credit: Indian Express Explained (http://indianexpress.com/article/explained/european-union-new-data-privacy-regulation-how-it-will-affect-rest-of-the-world-cambridge-analytica-facebook-5188831/)
Reach Us
if you face difficulty in understanding the above article.
No comments:
Post a Comment