No doubt you’ve heard of the General Data Protection Regulation (GDPR) introduced by the European Union by now. Some companies, such as Facebook and Google, have already been accused of breaking the legislation which protects EU citizens from having their personal data misused. It also gives them more control over their personal data. So, just what IS personal data?
Since it includes “any information” one must assume that the term “personal data” should be as broadly interpreted as possible. This can mean:
- your name
- your e-mail
- your identification number
- your phone number
- your credit card
- your license number plate
- your account data
- your location data
- your online identifier
- or one or several special characteristics which express your physical, genetic, mental, commercial, cultural or social identity
Will the GDPR affect me?
Yes. Whether you have signed up for newsletters via social media or online shopping websites, the GDPR is likely to impact us all.
You have the power to hold companies accountable as never before. If individuals begin to take advantage of GDPR in large numbers, whether by withholding consent for certain uses of data, requesting access to their personal information from data brokers, or deleting their information from sites altogether, it could have a seismic effect on the data industry.
But why is the GDPR so important for me as an individual?
GDPR replaces today's legislation regarding privacy in member countries currently subject to the EU. The GDPR sets a new standard for data collection, storage, and usage among all companies that operate in Europe. It will change how companies handle your privacy and will give people new rights to access and control their own data on the internet.
It gives you the right to ask companies how your personal data is collected and stored, how it's being used, and you can request that your personal data be deleted. You can also object to personal data being used for certain purposes like direct marketing. If you buy a pair of shoes through an online retailer and start seeing ads for similar shoes, you should be able to ask the retailer to stop using your personal data for direct marketing purposes. Under the GDPR, those and other rights are guaranteed.
You have the power to hold companies accountable as never before
Does it only affect European countries?
It remains to be seen how much the rest of the world will benefit from the GDPR rules, but there are likely some rights that companies couldn’t apply to just Europeans even if they tried.
For example, companies will now have to notify a European agency if they had a personal data breach within 72 hours of a breach. If the breach exposes users to high risk, the company also needs to notify users directly. Those kinds of rules could have spillover benefits to people outside of Europe, and could similarly influence how companies conduct business regardless of the country.
Good to know. . .what’s next?
If you live in Europe, a good first step would be to familiarize yourself with the European Commission's list of rights provided under the GDPR:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- rights in relation to automated decision-making and profiling
You can find step-by-step guides for things like:
- asking a company what kind of data it has collected about you
- requesting that it stop processing that data
- or delete that data altogether
You can also learn how to file a complaint if your personal data has been leaked and what to do about personal data collected about children. One thing you can do right away: start asking companies for the personal data they've collected about you.
Realistically, most privacy policies will still not be human-readable and will be hiding the needles in a haystack of legalese. But the policies could point to new privacy toggles or ways to prevent companies from processing and sharing your personal data. Those might be worth exploring, if only by quickly searching for key terms.
Will it work?
The rules will always be bent, if not broken, by companies seeking to gain a competitive advantage. But the newly introduced principle of demonstrable accountability and the unprecedented scale of penalties made available to the regulators should constitute a greater deterrent against breach and a shift from the current, relatively toothless and largely ignored, regime.
It's one area where we might see some meaningful gains for users seeking to take charge of their digital lives - even though in the aggregate, there’s relatively little they can do.