Commentary: GDPR: Will It Transform U.S. Corporate Titans?
GDPR will codify data protection rules for all companies that collect data from EU citizens while greatly expanding individuals’ control over how and when their personal data is collected and used. If even a single EU citizen visits the website of a company based anywhere in the world and data is collected on that individual, that company must comply with GDPR or risk severe penalization. Under the new rules, these companies will need to be much more specific about how they will use data and get permission for these specific uses. In the U.S. especially, where many companies are built on their ability to capture, sell, or leverage data to target individuals, the new regulations, which grant individuals the right to have their information deleted from databases under various circumstances, will force businesses of all sizes and kinds to dramatically rethink their data practices.
With member nations ramping up their enforcement capabilities as we speak, it is becoming clear that all companies, not just the industry giants, could be targeted. Facing a new regulatory minefield, U.S.-based companies have a narrow window of time to assess their capabilities and vulnerabilities and address areas of concern. Companies will no longer be able to rely on the fine print and must have privacy policies that are clear and consumer-friendly. EU citizens will now have the right to know what information a company has gathered on them. GDPR extends this right much further, requiring companies to delete even non-publicly shared data under a variety of circumstances.
If the user asks to be forgotten and then a month later gets an email solicitation from that company, they can file a complaint. Because there is no history to study, all companies must start from square one. Many companies are waiting for the first shoe to drop in order to react.
How Europe’s GDPR Will Mean Your Data Belongs to You: QuickTake
The European Union is introducing tougher rules for how data collectors gather and use its citizens’ information, and is letting consumers control their own data. Starting May 25, all 28 EU nations will be applying the General Data Protection Regulation, which sets new standards for any holder of sensitive data, from Amazon to your local government council. These rules will apply to any company that collects the personal data of EU residents. Consumers will have the right to retrieve their data and give it to another business. If a firm is smaller than 250 but is collecting large quantities of sensitive data, it will also need a DPO.
If there’s a data breach, electronic data collectors will have to notify authorities within 72 hours and will have to alert customers in a timely manner if the breach poses a risk to them. So situations like Uber’s attempts to cover up its 2016 data hack, or the slow release of information on Yahoo’s massive breach in 2013, will now be punishable with huge fines. In cases of negligence or violating the conditions of consent and infringing on data subject rights, the fines can go as high as $24.8 million, or 4 percent of annual worldwide revenue, whichever is higher. They’ll have free access to the data that’s been collected on them and more information on how it’s being used. Data will be destroyed when it is no longer needed for the original task.
To request access to their data, consumers will contact the data controller or controllers, whose contact info must be provided to consumers whenever information is collected. Because consumers will own their data, eventually they may be able to trade things like gift certificates from Zara in exchange for their shopping histories with J. Crew. They’ll need to make sure that the data they’ve collected adheres to new protocols.
A flaw-by-flaw guide to Facebook’s new GDPR privacy changes – TechCrunch
The new privacy change and terms of service consent flow will appear starting this week to European users, though they’ll be able to dismiss it for now – although the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe is looming. Facebook says it will roll out the changes and consent flow globally over the coming weeks and months with some slight regional differences. Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes today. Feedback was heavily critical as journalists grilled Facebook’s deputy chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than reviewing or changing them, but Sherman stuck to talking points about how important it was to give users choice and information.
Trouble at each step of Facebook’s privacy consent flow. Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. Facebook recently rewrote its terms of service and data use policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram and Messenger.
To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. When asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data.