Privacy Policies and the GDPR

Hello Seabrook! Hope everyone had a nice Memorial Day holiday.

You may have seen a recent increase in e-mail from companies in which you have previously created an account concerning updates to their privacy policies. In fact, here is a recent snapshot of my email:

Did I open them and read all the fine print? Of course not. Who’s got the time for that? In fact, have you ever stopped to read what you agree to when you install a program or sign up for an account? Most people are just looking for the “I agree” button so they can continue along their merry way.

Today, I want to talk about why companies are sending us updates to their Privacy Policies. The recent influx is attributed to a new regulation called the GDPR, the General Data Protection Regulation, which went into effect on May 25th. The GDPR was put in place by the European Union (EU) for the purpose of protecting data privacy. Work on it started back in 2012 to make Europe more “ready for the digital age.” Four years later, the terms were agreed on, and as of last week, the law now governs these digital companies. It basically means that companies have to be more explicit about what data they hold about you and how they plan to use it. The new policy also allows users to request a copy of all the data a company has collected about them, as well as to request that the company delete that data. If companies fail to comply, they are subject to steep fines under the GDPR.

Recently, you may have seen Facebook CEO Mark Zuckerberg on the Senate Floor explaining how Facebook uses the data from its users and what it does with that data. The hours of exchanges between Facebook’s executives and senators who didn’t quite grasp the concept of how Facebook works will be quite the comedy bit for years to come.

Here’s the caveat (for the moment). This is a European regulation, and only citizens of the 28 states of the EU have the ability to take advantage of this law. So, how does this affect us here in North America? Any company that controls or possesses data of European citizens has been racing to become GDPR compliant. Since many of the companies we deal with also deal with European citizens, this explains why we’ve seen our inboxes full of subject lines reading “Updates to our Privacy Policy.”

With the new law in effect will come an increase in the number of “opt-in” choices a user will have to make. Those choices will have to make clear to the user how the company plans to collect and use the data. In the past, companies would bury this information in the “Terms and Conditions” page, which was usually muddled in legal jargon.

Another benefit of the GDPR is that these large companies, should they have a data breach, will be required to notify their customers within 72 hours of the data breach or face steep fines – fines as much as 4% of the company’s global annual revenue!

Since we are in a time where almost everything we do revolves around our personal data, social media, banks, retailers, and governments are being held to higher standards than in previous years. Think about the past 6 or 7 years. How often have we heard on the news about a substantial data breach that a company has to admit happened, in which the personal and private data of thousands of users was stolen? In many cases, the breach happened several years earlier, but the company, in an attempt to save face, only finally admits that it was compromised. The GDPR will ultimately curb that behavior, which is good news for all of us here in the digital age. It will also mean that new businesses that plan on having a digital presence will have better data safeguards built in from the early stages of development.

Just as your data can be given to companies for their use, the GDPR also gives you the right to request that your data be “forgotten,” at least for European citizens. The United States doesn’t really have a “one size fits all” approach when it comes to data protection. Our regulations on data privacy are really industry-based, such as HIPAA, which guards our medical and healthcare data.

Hopefully, my blog post was a bit more enjoyable to read than the next time you’re expected to read the “Terms of Agreement” from the next online company you deal with!

Chad Droze
Post & Computer Center – Freshfields Village
