As GDPR kicks in, companies feel initial tremors

New EU privacy rules require online services such as Facebook to get consent for how personal data is accessed and shared

As GDPR kicks in, companies feel initial tremors

"Rather than fully appreciate the implications for both parties and how more trust can be nurtured with the Data Subjects in Europe (who, most of the time, are their own end-customers), they ask their IT providers to sign amendments without giving due consideration to the consequences", said Erwan Carpentier, SVP & General Counsel, Mindtree.

That's when the EU's General Data Protection Regulation takes effect.

Companies have to clearly explain what you're signing up for or opting in to at the point you're presented with the choice.

The group NOYB.EU - which stands for "none of your business" - claims its action could force the US internet giants to pay up to 7 billion euros ($8.2 billion). Smaller companies could struggle to do so, especially if many users request it at once.

But Schrems' complaints argue that the consent boxes popping up on the screens of users of Google, Facebook and their affiliates does not meet this standard.

The dangers of privacy breaches, cybercrime and misuse of persona data had led to beefed-up laws in the EU.

The companies are accused of forcing users to consent to targeted advertising to use the services.

New EU data protection rules are likely to radically change how websites use and share personal information and track users

NOYB points out that GDPR explicitly allows any data processing that is strictly necessary for the service, but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent. Most companies have never needed to turn over data they'd collected to a single user, or delete it.

There's also a somewhat vague category called "legitimate interests".

"A New Zealand business that's doing business in Europe will have to be cognisant of these". An organization can be fined up to €20 million or 4% of their worldwide annual turnover (whichever is greater) under the laws. The intention of the European Union politicians wasn't to allow companies to claim that any data whatsoever can be called a "legitimate interest". Companies are also required to maintain documentation of your obtained consent. The 10 biggest tech companies, if found in violation, could accumulate fines that top $50 billion, according to Axiom's research.

But it's an open question how the rules will affect visitors to Europe.

For example, Apple has launched a new privacy portal where people can download all their personal data or delete their account, in other words providing people with the rights of access and erasure. The entity is chaired by Max Schrems, who as a law student brought the case against Facebook that caused the downfall of the US-EU data Safe Harbor agreement. Further, it will also prevent the export of people's data to outside territories.

Facebook CEO Mark Zuckerberg, for instance, promised "global settings and controls" for users during his USA congressional testimony in April, but was otherwise vague on the subject.

But segmenting European Union customers from the rest of the world isn't easy, especially for smaller companies without Facebook's or Google's technical prowess. The Pinterest-owned, read-it-later bookmarking service is taking a break in Europe - apparently while it works on achieving compliance with the region's updated privacy framework, GDPR, which will start being applied from tomorrow.

Altre Notizie