Tech Giants Brace for Europe’s New Data Privacy Rules
[Access the GDPR here: https://gdpr-info.eu ]
Over the past two months, Google has started letting people around the world choose what data they want to share with its various products, including Gmail and Google Docs.
Amazon recently began improving the data encryption on its cloud storage service and simplified an agreement with customers over how it processes their information.
And on Sunday, Facebook rolled out a new global data privacy center — a single page that allows users to organize who sees their posts and what types of ads they are served.
While these changes are rippling out worldwide, a major reason for these shifts comes from Europe: The tech giants are preparing for a stringent new set of data privacy rules in the region, called the General Data Protection Regulation.
Set to take effect on May 25, the regulations restrict what types of personal data the tech companies can collect, store and use across the 28-member European Union. Among their provisions, the rules enshrine the so-called right to be forgotten into European law so people can ask companies to remove certain online data about them. The rules also require anyone under 16 to obtain parental consent before using popular digital services. If companies do not comply, they could face fines totaling 4 percent of their annual revenue.
“G.D.P.R. is going to introduce very fundamental changes to the way the internet works for everyone.”
The rush of activity is a reminder of how Europe has set the regulatory standard in reining in the immense power of tech giants, while other places — including the United States — have largely taken a noninterventionist stance.
Since the new rules require individuals to give their consent before a company accesses data, for example, Google has had to redesign many consent agreements, as well as change underlying technology to make it easier to remove someone’s data.
On Sunday,[Facebook] began offering a new privacy center that puts user security settings on one page instead of dispersing them across different sections of the social network.
Amazon, too, has made changes. Last April, the company wrote a blog post outlining its efforts to comply with the new European regulations. The internet retailer said it would strengthen the encryption around the data it stores on its cloud storage services, and reaffirmed the rights of customers to choose which region — Europe or otherwise — where they want their data stored.
See the full story here: https://www.nytimes.com/2018/01/28/technology/europe-data-privacy-rules.html
Among the new policies approved on Tuesday:
■ Allowing national watchdogs to issue fines, potentially totaling the equivalent of hundreds of millions of dollars, if companies misuse people’s online data, including obtaining information without people’s consent.
■ Enshrining the so-called right to be forgotten into European law, giving people in the region the right to ask that companies remove data about them that is either no longer relevant or out of date.
■ Requiring companies to inform national regulators within three days of any reported data breach, a proposal that goes significantly further than what is demanded by American authorities.
■ Obliging anyone under 16 to obtain parental consent before using popular services like Facebook, Snapchat and Instagram, unless any national government lowers the age limit to 13.
■ Extending the new rules to any company that has customers in the region, even if the company is based outside the European Union.
See the full story here: https://www.nytimes.com/2015/12/16/technology/eu-data-privacy.html