Of late there has been a major debate around the world regarding online privacy and data collection by Internet giants such as Facebook and Google. Internet users don’t feel safe using online services anymore because every moment their data is being tracked, collected, and sold off without consent. The European Union have legislated new regulation that will bring back power to its citizens over their personal data. According to the General Data Protection Regulation (GDPR) which will come into effect on the 25th of May, 2018, websites and apps must provide retention time for personal data, and contact information for data controller and data protection officer has to be provided.
Whether you use the Internet to send emails, chat with friends, or watch YouTube, each moment your activity is being surreptitiously tracked and your personal data stolen for profit. Even those who think they have nothing to hide know that their personal details are out in the open for internet giants to use however they please.
In fact, the data breach starts right from the Internet service provider. Since all Internet traffic is visible to the ISP, they are in the best position to collect the maximum data about users. No other company knows our online details and data than the ISPs. Whether we like it or not, our data is being collected by our Internet service provider and is used for various profitable purposes. The US government even gives them permission to do so.
Just when we thought that consumers have no choice but to accept the privacy breach on a regular basis, the European Union passes a landmark law that tips the balance in favor of Internet users. Internet giants or ISPs had no obligation to be accountable to users. Now they do.
Come May 25th, the General Data Protection Regulation or GDPR, takes effect not only in the EU but also around the world. To put it in short, this rule will ensure that users know, understand, and consent to data about them collected by companies.
Need to Change
Having an extensive fine print won’t be enough, neither will coaxing users to click Yes in order to sign up for something. That is the reason why major companies around the world have been updating their privacy policies. The new rule has started to affect even the US-based companies and it’s evident from the way large corporations are scrambling to adapt to the new regulations.
Companies cannot be vague in their privacy policies anymore. They have to be clear about the collection and use of personal details such as name, address, location, IP address, or any other identifying information. Companies have to clearly state what the data is being collected for and if it will be used to create user profiles.
Besides this, Internet users will also have the right to know what data companies collect about them, correct inaccurate information, and also restrict the use of the data.
Although the law is mainly meant to protect the member countries of the EU, its effects are being felt worldwide because the law applies even if the data is processed somewhere else in the world. The new GDPR law will apply to banks, online publishers, social networks, universities, Fortune 500 companies, advertising agencies, as well as US-based tech giants like Google, Microsoft, and Facebook.
How The New Regulation Will Be Implemented
The European Commission, the legislative branch of the EU, states as an example that if a social network user asks for a photo to be deleted, the social network will not only have to comply with the request but also inform search engines to remove the photo from results.
In another example, the commission said that although app cab services could ask for the name, address, and credit card number of the user, it could not request the sexual orientation, race, religion, and political affiliation because they are categorized under sensitive information.
The effects of the law have been felt ever since it was framed in 2016. In response to the rule, Google has announced that it would stop mining Gmail emails for ads, Facebook launched its own privacy dashboard, and several ad-tech companies have decided to curtail business in the EU because they are unsure about the effects of the rule. GDPR is predicted to set the standards for global data protection for the next decade, and the changes apply to all corporations around the world.
At the most basic level, users will be better able to know and understand how their data is collected and used by companies, and have the right to limit such collection and use. Privacy policies will become simpler to understand, and consumers will have a say in how their data is circulated over the web.