GDPR – Good or Evil?

Privacy laws will never be the same


Have you recently been bombarded by emails about new privacy policies? Have you wondered: What the heck? Why are all the mega-corporations suddenly so concerned about my privacy? The answer is spelled GDPR. The acronym means General Data Protection Regulation. It is the new EU privacy law that just went into effect.

You may ask: Why this mad scramble for compliance? And why now? Well, May 25 was the compliance deadline for GDPR. The fine for non-compliance is $25 million or 4% of earnings, whichever is higher. Such a fine is hard to ignore.

What is GDPR?

There is a recent article on ZeroHedge, "Everything You Need To Know About GDPR." The title is self-explanatory. Here’s a quote from the article:

GDPR […] aims to give consumers more control over the personal data companies collect about them. Not only does the legislation affect organizations based within the EU itself, but it also applies to companies outside of the EU if they provide services to – or monitor the activities of – EU citizens.

The intention of the regulation is to strengthen the protection of personal data by giving consumers more control over their data. That is a good thing, and many would say it was long overdue.

Consequences of the regulation

If you believe in bureaucratic solutions to complex problems, GDPR has no downside. But aren’t you just a little skeptical? What about those pesky unintended consequences?

ZeroHedge: Consumers […] will have the right to access the personal information that companies store on them and find out what the data is being used for and where it is being kept. It also gives users the right to be forgotten. That means that you have the right to ask people to delete the information they have on you and prevent third parties from getting access to it.

Giving consumers these rights is certainly a lofty goal, and well-intentioned, but their practical implementation raises many questions. For example, it’s hard to imagine mega-corporations such as Facebook erasing their user data upon request. How will they make a profit without user data? After all, that is what they sell. They can’t, and therefore they won’t. (This post shows their point of view.)

It is more probable they’ll tiptoe around the law – while maintaining formal compliance – with the help of very specialized (and expensive) legal representation.

What to do now

What does that mean in practice for single bloggers, small websites, and companies? As always, a simple common-sense approach works best.

  • To begin with, if you have few EU customers, ignore the law and try to fly under the radar.
  • Update your Privacy Policy by copying and pasting snippets from other policies; pick whatever makes the most sense.
  • Incorporate references to privacy policies of data processors you use, such as spam filters, analytics services, plugins, etc.
  • Add disclaimers on your data entry forms.
  • Lastly, watch the struggle of the giants to see where it is going.

