May 25 is just around the corner and the world’s companies dealing with the data of European users will have to comply with the new GDPR regulations or face steep penalties. That includes Facebook, Twitter, Google, and everyone in between. So let’s see what’s going to happen from here on out and what’s already changed.
What’s GDPR? Well, GDPR stands for General Data Protection Regulation and it’s the new privacy-focused regulations within the European Union, applying to all 28 member states. If you’re a company that handles any kind of user data within these countries, you’ll need to respect the rulebook or face the consequences. If you’re a citizen, then you’re going to have a lot more control over your data, and, implicitly, over your privacy. Even if you live abroad and visit Europe for business or pleasure, the GDPR still protects your data.
This seems to have already caused some confusion at Facebook, who announced it was moving any non-European users out of its Irish servers. This, of course, will not work too well if those individuals ever visit Europe again, as their data will once more fall under the same data protection regulations.
The brand new GDPR replaces the 1995 Data Protection Directive simply because it was something that was long overdue. There’s little that the online world of 1995 has in common with today’s world, and there’s little these two eras have in common when it comes to data retention. Google wasn’t even a company back in 1995, as they started out in 1997, and it was another nine years before Facebook was created.
The new regulations reinterpret what “personal identification information” is, expanding the meaning to include basic identity information like name, address, and ID numbers, as well as user location, IP address, cookies, RFID tags, health and genetic data, biometric data, racial or ethnic information, political affiliation, and sexual orientation. It pretty much adapts the law to this day and age and it brings great benefits to Internet users who will suddenly have a lot more power over their data and what companies do with it.
All data will need to be secured and, in case of a data breach, authorities and users need to be announced within a 72-hour window. For instance, had Yahoo revealed its data breaches as late as it has, especially the 2014 one which they had known about since shortly after it happened, they’d be in big trouble.
How big of a trouble? Well, the fines can go up to 20 million Euros, or 4% of the annual global turnover, whichever is highest. For a company the size of Yahoo, that can mean a lot of zeroes. The same goes for any other major tech company.
So, the world’s companies have already implemented the necessary changes to make it work with the European Union. In fact, Facebook, for instance, is not going to apply the changes locally, but worldwide. Mark Zuckerberg said during his recent interview sessions with the US lawmakers that he sees a lot of good things in the GDPR.
If you’re a Facebook user, and chances are you have an account, you’ve probably already received some notification from the company about the changes their privacy policy is going through. The network gives you the possibility to decide how each bit of your info is used and shared with the world, like profile info, sexual preference, religious views, and political views, photos, and so on. While the option is there, the company is actually trying to convince you every step of the way not to change anything. There’s an “agree and continue” button that’s there even if you didn’t go through the info, and if you want to look into things more closely, Facebook argues that you should just leave it up to them.
Another thing that’s quite important here is the facial recognition feature. The same thing applies here – you can retract Facebook’s right to track other pics of you and recognize who you are just through scanning a picture, but it warns you it won’t be able to let you know when friends post pics with you in them, or when someone tries to impersonate you by using your pics in a new account.
You can also stop Facebook from targeting you with ads based on your browsing habits on sites that feature its like and share buttons. But there’s no way from stopping the network from using that data for something else, like customizing your News Feed.
What does the GDPR change on Twitter and Gmail?
Twitter users may have also noticed the GDPR compliance efforts. Sure, they haven’t rolled them out just yet, but they will on the day the GDPR goes live – May 25.
For the most part, Twitter is going to better clarify its policies so they’re easier to understand. Users will be able to review, change, and approve what types of data they share with the company and what the company does with them.
Google is also updating the terms of service and privacy features on all of its products. Gmail is one of the most used tools coming from Google, and one of the easiest email platforms to use. Ahead of the GDPR, the company rolled out the largest redesign Gmail has seen in years. One of the biggest features we can see here is the new “confidential mode” which can stop recipients from forwarding, copying, downloading, or printing emails received via Gmail. Users will also get to send self-destructing emails by creating a page where the message can be viewed before vanishing into thin air.
GDPR does bring more control over data, and a greater burden for companies to make sure that they properly protect everything. Sure, they were supposed to do this anyway because trust is a fickle thing and it can go away at the first sign of a data breach, but the risk of losing hundreds of millions in fines is sure to keep them in check.
At the same time, the GDPR also puts more responsibility in your court – the user’s. When using a service, you should be quite aware of what data of yours they’re using, what they’re using it for, and how it all works. Now that the companies will need to make things clear as daylight, there’s no excuse to fall behind and not check what’s happening to your data.
The Cyber-Secret Futurist 