Europe’s New Data Privacy Rules Change Game for Tech Companies
Following the aftermath of Facebook and Cambridge Analytica’s alleged misuse of 87 million user profiles for the Trump campaign during the 2016 election, the European Union plans to impose a strict set of data privacy rules.
In January 2018, the EU released a formal set of rules entitled the General Data Protection Regulation (GDPR) that will apply to all 28 member-states. In response, tech companies, particularly in Silicon Valley, completely overhauled how they give their users access to their own privacy settings. In some cases, products were removed entirely from the digital mark because they will violate the new privacy rules.
Set to take effect on May 25th, the regulations will restrict what types of personal data tech companies such as Facebook, Amazon, and Google, can collect, store, and use in Europe. Among the provisions, the GDPR stipulates that users have the “right to be forgotten” in European law, meaning people can ask companies to remove certain online data about them. The new rules also require companies that collect or mine personal data to request consent from users, and they are no longer be able to list disclosures about pervasive tracking in hard-to-read legal disclaimers. Anyone under the age of 16 must obtain parental consent before using popular digital services, like Facebook, and if companies do not comply, they could face fines totaling to four percent of their annual revenue.
The regulations also detail what counts as “personal,” not solely considering attributes like race, height, weight and religion, but the individual’s IP address and browsing history.
In an interview given by NPR, Rayna Stamboliyska, a data protection specialist in Paris, commented that “under the new rules, the Internet is a place where no means no…” [comparing] digital consent to sexual consent.
The EU’s actions towards data protection to rein in the immense influence and power of American tech giants provide a stark contrast to how other nations and regions, such as the United States, have taken a largely non-interventionist stance on the issue. The GDPR was approved back in late 2015 after tech companies had problems over data protection with European privacy watchdogs throughout the nation.
CEO Mark Zuckerberg testified before Congress last week, stating that he “plans to make all the same controls and settings available everywhere, not just in Europe.” Microsoft and Google have joined Zuckerberg’s pledge, indicating they are extending Europe’s privacy rights to users all over the world.
In the next few weeks, internet users will begin seeing notifications from their music, gaming, news and other apps regarding these new privacy changes.