Over the past week, you’ve probably seen alerts for GDPR everywhere online, in your email inbox, on Facebook and Twitter. It’s a new privacy law being implemented in the European Union. But if you think it’ll have no effect on your life, you’re wrong.
What is GDPR?
As we said, the GDPR or General Data Protection Regulation is a new privacy law being enacted in the EU, that comes into effect tomorrow on May 25. In essence, it’s a new set of guidelines to govern how companies access and use the personal data of consumers and how they’re to help keep them safe. These are mandatory regulations the EU plans to enforce with stiff penalties if companies fail to toe the line.
There are two main parts to GDPR. Firstly, companies that earn revenue off their users’ data (like Facebook and Google) are mandated to explicitly inform consumers how they’re doing this. They have to be absolutely clear with how much data they collect and how, as well as how they then manipulate or sell that data.
The second part is that, not only do they have to ask your permission to collect your data (which is done by asking you to accept a revised privacy policy) you’re also allowed to opt out at any point. Meaning, if you decide to stop using an online service and tell the company so, they have to not only stop collecting your data but also delete whatever information about you they may already have. In addition, in case of any widespread data breaches, companies are now mandated to disclose them to the public within 72 hours.
So what’s happening right now?
All companies that carry out activities in the EU, not just those based there, have to be compliant with GDPR by the time the deadline hits this week. That’s why they’ve been updating their privacy policy agreements to reflect this, and you’ve been seeing alerts to sign off on them on your social media and your email. Any companies that don’t follow these protocols are not just risking official EU penalties, but are also held accountable to consumer lawsuits tanks to the new law.
Why should you care about GDPR?
But why are these alerts showing up for us here in India? Surely laws made in the EU don’t apply to us, and we can’t sue Facebook on the same legal grounds. Well, you’re right there, but the GDPR implementation has still changed a lot for all of us. The thing is, major global corporations like Microsoft, Apple, Google, Facebook, Twitter, and so many others have to adhere to GDPR stipulations. So if they’re changing their privacy policies for the European countries, surely they didn’t have to extend that to others outside its purview? Well yes, actually they did.
GDPR and the devil in the details
While the issue of personal data privacy is in the spotlight, pressure from consumers is forcing the hand of major companies. However, six months from now, nothing is to stop for example, Twitter or Facebook or Google from reverting its privacy policy to the old one. After all, if you log on one day half a year from now, and an alert pops up for you to read the new changes to the privacy policy, are you sure you’d even read it? Probably not.
That’s exactly why it’s so important right now to capitalise on the issue and keep the momentum going. Even the US doesn’t yet have water-tight laws protecting consumer data, let alone India, and nothing in the pipeline to get them soon either. And maybe you’re thinking right now, why would it matter to you if Facebook knew what posts you were liking? You have nothing to hide after all.
Thoughts?