Information
Equipo Nizkor
        Bookshop | Donate
Derechos | Equipo Nizkor       

06May18


What Europe's Tough New Data Law Means for You, and the Internet


In a couple of weeks, Europe will introduce some of the toughest online privacy rules in the world. The changes are aimed at giving internet users more control over what's collected and shared about them, and they punish companies that don't comply.

Here's what it means for you.

What Are the New Rules?

On May 25, a new law called the General Data Protection Regulation goes into effect across the European Union.

The law strengthens individual privacy rights and, more important, it has teeth. Companies can be fined up to 4 percent of global revenue – equivalent to about $1.6 billion for Facebook.

The internet's grand bargain has long been trading privacy for convenience. Businesses offer free services like email, entertainment and search, and in return they collect data and sell advertising.

But recent privacy scandals involving Facebook and the political consulting firm Cambridge Analytica highlight the downsides of that trade-off. The system is opaque and ripe for abuse.

Europe is attempting to push back.

It's too early to know how effective the law will be, but it is being closely watched by governments globally.

Will the Internet Look Different?

Not really.

Supporters of the law say it will bring sweeping changes to how companies operate online, but in reality, the effect on your internet experience will be minimal. An American visiting Europe, for example, isn't likely to see a difference.

If you live in one of the European Union's 28 member states, there is one change you may welcome – you are likely to see fewer of those shoe or appliance ads that follow you around the internet after you do some online shopping.

As e-commerce became commonplace, a cottage industry sprang up to track people around the web and nudge them back to online stores to complete a purchase. Advertisers call these ads "fine tuned," but most people consider them creepy, said Johnny Ryan, a researcher at PageFair, which makes tools to help companies work around ad-blocking software.

Mr. Ryan said the new rules would make it harder for ad-targeting companies to collect and sell information.

The new law requires companies to be transparent about how your data is handled, and to get your permission before starting to use it. It raises the legal bar that businesses must clear to target ads based on personal information like your relationship status, job or education, or your use of websites and apps.

That means online advertising in Europe could become broader, returning to styles more akin to magazines and television, where marketers have a less detailed sense of the audience.

What Are Your Rights?

Even if you don't notice big changes, the new law provides important privacy rights worth knowing about.

For instance, you can ask companies what information they hold about you, and then request that it be deleted. This applies not just to tech companies, but also to banks, retailers, grocery stores or any other organization storing your information. You can even ask your employer.

And if you suspect your information is being misused or collected unnecessarily, you can complain to your national data protection regulator, which must investigate.

Of course, an individual going up against a giant corporation like Google or Facebook isn't in a fair fight. The law has 11 chapters and 99 sub-articles, and just initiating a case can take as many as 20 steps, according to the International Association of Privacy Professionals, an industry trade group.

What's With All These Privacy Notices?

In the weeks before the law goes into force, internet users have been receiving a stream of privacy policy updates in their inboxes – grocery store loyalty programs, train services, even apps that parents use for youth soccer all have to set out what data they gather from you, and how they handle it.

The law requires that the terms and conditions be written in plain, understandable language, not legalese. Companies must also give you options to block information from being gathered.

But the deluge of emails is leading to concerns that users are agreeing without taking a closer look.

A similar reaction came after the European Union required companies, starting in 2011, to put warnings on websites alerting users that they were being tracked. The rules have led to so many pop-up disclosure boxes that people often consent just to make the warnings disappear.

Companies argue that they are being careful to comply with General Data Protection Regulation, but Giovanni Buttarelli, who oversees an independent European Union agency that advises on privacy-related policies, has been unimpressed.

He has criticized the wave of privacy policy emails as being posed in a "take it or leave it" manner that leaves users thinking they have to accept the terms in order to keep using a service, rather than letting people choose what information to share.

Mr. Buttarelli said the messages may violate the "spirit" of the law.

Will It Make a Difference?

It's too soon to tell.

That may be an unsatisfactory answer, but the long-term effects of the new law won't be known for years.

Much will depend on how strictly national regulators enforce the rules, and how they use their tight budgets. Data-protection agencies in each European Union country will be in charge of policing the companies that have European headquarters within its borders.

That oversight structure is leading to concerns that officials in countries such as Ireland, where Google, Facebook, Microsoft, Twitter and many other data-heavy companies are based, will be overmatched.

A lot of responsibility also falls on you to keep tabs on how companies use your data.

The General Data Protection Regulation provides ways to take action if your information is being misused. But the question is whether people care enough, or if trading privacy for convenience remains a worthwhile deal.

[Source: By Adam Satariano, The New York Times, London, 06May18]

Bookshop Donate Radio Nizkor

Privacy and counterintelligence
small logoThis document has been published on 08May18 by the Equipo Nizkor and Derechos Human Rights. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes.