GDPR comes into force, ramifications visible from day one

Major U.S.-media outlets including the LA Times and Chicago Tribune forced to shutter websites in parts of Europe

New European privacy regulations went into effect on 25 May that will force companies to be more attentive to how they handle customer data.

The ramifications were visible from day one, with major U.S.-media outlets including the LA Times and Chicago Tribune were forced to shutter their websites in parts of Europe.

People in the bloc have been bombarded with dozens of emails asking for their consent to keep processing their data, and a privacy activist wasted no time in taking action against U.S. tech giants for allegedly acting illegally by forcing users to accept intrusive terms of service or lose access.

"You have to have a 'yes or no' option," Austrian Max Schrems said before filing complaints in European jurisdictions. "A lot of these companies now force you to consent to the new privacy policy, which is totally against the law."

The European Union General Data Protection Regulation (GDPR) replaces the bloc's patchwork of rules dating back to 1995 and heralds an era where breaking privacy laws can result in fines of up to four per cent of global revenue or US$23.5 million, whichever is higher, as opposed to a few hundred thousand euros.

European privacy regulators signalled that they were ready to flex their muscles but were not "sanctioning machines".

“This (forced consent) is an issue that we will be looking at immediately, and work is already underway," said Helen Dixon, head of the Irish Data Protection Commissioner, which will be responsible for policing U.S. giants Facebook and Google, among others.

Many privacy advocates have hailed the new law as a model for personal data protection in the internet era and called on other countries to follow the European model.

Critics say the new rules are overly burdensome, especially for small businesses, while advertisers and publishers worry it will make it harder for them to find customers.

The GDPR clarifies and strengthens existing individual rights, such as the right to have one's data erased and the right to ask a company for a copy of one's data.

But it also includes entirely new mandates, such as the right to transfer data from one service provider to another and the right to restrict companies from using personal data.

"It's a gradual and not a revolutionary kind of thing ... However for many companies it was a huge wakeup call because they never did their homework. They never took the data protection directive seriously," said Patrick Van Eecke, partner at law firm DLA Piper.

Activists are already planning to use the right to access their data to turn the tables on internet platforms whose model relies on processing people's personal information.

That means companies have had to put in place processes for dealing with such requests and educating their workforce because any non-compliance could lead to stiff sanctions.

Studies suggest that many companies are not ready for the new rules. The International Association of Privacy Professionals found that only 40 per cent of companies affected by the GDPR expected to be fully compliant by 25 May.

Data portability

It is unclear how many provisions of GDPR will be interpreted and enforced. European regulatory authorities, many of whom say they are under-funded, will oversee the new law, with a central body to resolve conflicts.

One key provision of GDPR, the right to data portability, is causing particular confusion.

"I think the data portability rights are pretty significant and are going to take a while for people to figure out what the bounds of them are and how to go about complying with them," said David Hoffman, associate general counsel and global privacy officer at Intel.

For example, music streaming services such as Spotify create playlists for users based on their music preferences.

While a user seeking to exercise the data portability right would be able to move playlists he or she created, the situation becomes fuzzy if the playlists are created by the streaming service using algorithms.

EU data protection authorities said individuals should be able to transfer data provided by them but not "derived data" created by the service provider such as algorithmic results.

"It's not obvious that you can necessarily migrate the data from your system to somebody else's system," Tanguy Van Overstraeten, of Linklaters, said.

On the business side, companies are rushing to renegotiate contracts with suppliers and service providers because GDPR increases their liability if something goes wrong.

Data processors which only process or store the data on behalf of their clients, for example cloud computing providers, will be directly liable for sanctions and could face lawsuits from individuals, and that needs to be reflected in contracts.

(Editing by Matthew Mpoke Bigg and Toby Chopra)

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GDPR

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Reuters

Reuters

New Zealand Reseller News
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?