Data Protection In Europe: Do You Accept The New Terms And Conditions?


Have you noticed that recently many of the website you frequent have asked you to accept their privacy policies when you visit the homepage? Since when do you have to accept or decline policies before viewing a website? Well, apparently there’s no more simply storing things away into the terms and conditions section that no one ever reads. The European Union wants consumers to have more of a right to know what type of information websites are storing about them, so they passed this new privacy law, the General Data Protection Regulation (GDPR). This law requires companies to do a lot more than tucking this information away in the fine print.

Ever since the Facebook Cambridge Analytica scandal, where the large firm obtained access to many users’ information and used it to influence their behaviors, internet privacy has been at the forefront of everyone’s minds. The Centre for International Governance Innovation conducted a global survey back in March on internet security and trust and found that over half of internet users are more concerned about their online privacy this year than they were in previous years. They also found that 80 percent of users mostly fear for cybercriminals online such as false businesses and organizations.

The EU wants to help consumers regain some of that lost trust with the GDPR. The GDPR policy is a 99-page list of rules companies now need to follow when they are gathering information from people. Any company doing business in the EU that interacts with or processes data obtained from users now need to get the consumers explicit consent for every possible use of the data.

Technically you’re allowed to ‘object’ to this data being stored about you and have your data ‘forgotten’ by preventing it from being used/shared. This type of data includes what you post, medical records, search history, mailing address, IP address (your computer or iPhone’s unique address number), and GPS location. If you weren’t aware that every website you visit can obtain this type of information, you know now.

Also, if you’re freaking out because the U.S. doesn’t have these types of policies, there’s a bit of good news, some of the effects of GDPR will trickle down to help us too. Lots of companies deal with EU consumers along with U.S. consumers and therefore ta-da, the trickledown effect. Companies such as Microsoft, Google, Facebook, Spotify, eBay, etc. have to comply with this new law and therefore change their whole infrastructure.

So now these companies, in order to cover all their bases, are asking us too if they can save data on our computers in the form of cookies, and store our data. Although we don’t get all of the perks EU consumers obtain. If it's not explicitly illegal to do in the U.S. companies still may use your data without permission. I mean sure we have HIPAA to protect our medical records, and other laws in place to protect financial records and well children. But what about everything else?

Even with Facebook, Mark Zuckerberg stated he would make the global version of Facebook similar to the EU’s version but not exactly in the realm of privacy. For example, in the EU version in order to use facial recognition in the app, it must ask the user beforehand, in the U.S. version it automatically provides facial recognition unless you delve into the settings of the app to turn it off. Simple invasions such as that one happen on a daily basis unbeknownst to us.

In order to provide this type of security, however, the GDPR requires companies that have over 250 employees or collect a large quantity of sensitive data to hire a data protection officer. That officer is required to make sure all of the privacy laws are followed and if there’s a breach in their data they must inform authorities within 72 hours. There is even a ‘right to be forgotten’ clause where users can force a company to delete data that was illegally obtained or simply just isn’t true anymore. This type of protection is expensive, and some companies cannot afford it. But if companies don’t comply could be fined up to 4 percent of their global profits or $25 million whichever is higher.

People are losing trust in internet businesses for good reasons. There are loads of pop-up ads with false promises and wild accusations. It’s good that consumers are becoming more skeptical about internet practices. No one wants to buy a weight loss pill online that promised them they’d lose 25 pounds in 5 days but ended up dumping out their bank account instead. The GDPR will improve internet quality for a lot of people and may help consumers regain that trust to some degree. It's currently unknown whether the U.S. will follow suit with similar policies in order to protect consumer data usage but at least we get the trickledown effect from the EU for now. Hopefully, the U.S. will follow their lead.