Benefits of GDPR
GDPR places a lot of emphasis on transparency and consent. The regulation aims to tighten controls around data protection and hold companies accountable at a time when many of them are profiting from our data. Here are some of the ways GDPR will benefit you as a consumer:
(i) Explicit ‘opt-in’ consent – Companies will need to explicitly ask users for consent to process their data. It will no longer suffice to have this information within the Terms & Conditions, for example. The consent will need to be obtained through clear affirmative action, such as a separate tick box.
(iii) Right of data access – You have the right to to request a copy of all of the processed data that a company has on you, and they have a month to comply. Facebook is already making progress towards this; you are able to download all of your information off of your profile now through Settings > Your Facebook Information > Download Your Information.
(iv) The right to be forgotten – You will be able to request to have you information erased if you no longer want your data processed. There are exceptions to this, including when the information is a matter of public interest or when it concerns the right of freedom of expression for example. In general however, a company is required to delete any data they have on a user without delay.
Who does the law apply to?
Any business within the European Union, and any business that has any dealings with EU citizens even if that business is not based in the EU will need to make arrangements to accommodate GDPR. Mark Zuckerberg has said that Facebook will be complying with GDPR – the company will be aiming to implement its principles globally where possible.
There are heavy penalties for companies who do not comply with GDPR – they may be fined up to 4% of their annual worldwide turnover.
This will create significant hassle for companies in the short term as they scramble to implement this very new legislation that has not been practically applied yet. There will also be a considerable cost involved – Financial Times reported that Fortune 500 companies will be spending a combined $7.8bn to ensure compliance.
Further, some websites may not be available in the EU right away (or at all). Trying to access certain US websites from within the EU currently yields this message:
The legislation may be difficult and expensive to implement for companies, and we may not have access to some websites, but that’s a sacrifice I’m willing to make as a consumer. We just went through the Cambridge Analytica/ Facebook scandal and it left many people rightfully concerned with how their private data is used. A legislation like this is timely and will give consumers comfort in knowing that their data is appropriately protected.
Companies face high cost to meet new EU data protection rules, Financial Times
Right of access, Information Commissioner’s Office
Right to be informed, Information Commissioner’s Office