The regulation, GDPR finally came into effect on 25 May.
The GDPR rule has flipped the relationship between massive technology companies that gather data, and the users (from whom technology companies gather data).
What is GDPR?
GDPR law is a successor for the 1995 Data Protection Directive. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a new regulation on data protection and privacy for all users in the European Union (EU) and the European Economic Area (EEA). Moreover, GDPR includes the export of personal data outside the EU and EEA.
Some of the rights that GDPR will strengthen are:
- Now users have more power to demand companies reveal or delete the personal data they hold;
- Regulators of different region can work together across the EU for the first time, rather than working separately in each jurisdiction;
- Fines for violating GDPR laws are set at $20 million or 4% of a company’s global turnover, or whichever is larger).
Who got covered?
GDPR affected every company, but the firms such as technology firms, marketers, and the data brokers got the hardest hit. These are those companies whose business models rely on acquiring and exploiting consumer data. According to the GDPR law, now companies need clear consent from users to process their data. Moreover, the consent has to be explicit and informed – and renewed if the use changes.
“GDPR requires clear consent and justification for any personal data collected from users, and these guidelines have pushed companies across the internet to revise their privacy policies and collection practices.”
Facebook and Google alleged for breaking GDPR laws
The new General Data Protection Regulation (GDPR) is supposed to give users a free choice, whether they agree to data usage or not. However, the opposite thing happened on the users’ screen. Tons of “consent boxes” popped up online, combined with a threat, that the users cannot use the service until they don’t agree with the consent.
Facebook has blocked many users who have not given their consent. And in the end, users either had to delete their account or hit the “agree” button.
Due to this reason, noyb.eu filed lawsuits against some big companies including Google, Facebook, WhatsApp, and Instagram for coercing users to share their personal data. Both companies, Google and Facebook got hit by a raft of lawsuits.
“Max Schrems, a longtime critic of the companies’ data collection practices, filed lawsuits against Facebook 3.9 billion and Google 3.7 billion euro (roughly $8.8 billion in dollars) for processing users’ personal data without taking any clear consent from those users. “
What Google and Facebook have to say about this?
According to a Google spokesperson said: “Google is taking care of users’ privacy and security into their products from the very earliest stages and is committed to comply with the EU General Data Protection Regulation. Moreover, since last 18 months, they’ve taken some major steps to update their products, policies, and processes to provide users with meaningful data transparency and control across all the services that they provide in the EU.”
According to Erin Egan, Facebook’s Chief Privacy Officer,” Since 18 months Facebook is trying its best to meet all the requirements of GDPR. They have made their policies clearer and privacy settings easier. They have also introduced better tools for people to access, download, and delete their information.
Will it make online data gathering less creepy?
It’s too early to say. We hardly know what compliance looks like, but we don’t have an idea that how strict the EU regulators will be. The simplest takeaway is that breaches will get a lot more costly. It will get more expensive to share user data.
The GDPR can also break an entire nation in two – the European Union and the rest of the internet. So far, most of the companies are working on a single set of privacy rules for every user. This is why US users are observing new privacy features and terms of service.