Everyone seems excited about the new privacy rules, the General Data Protection Legislation (GDPR), that have now come into force in Europe. GDPR promises to bring the attention back to customers, giving them some control over their data. Offering the strongest protections seen up to now, GDPR is applicable in all member countries of the European Union, harmonizing data privacy legislation across Europe.
By now you should have received a large number of emails asking you to give your approval. From simple newsletters to major tech companies such as Google, everybody has been hustling to get user approval, even from users who had already given it. Just a minute ago, Disqus showed me a screen asking for my approval.
However, criticism is bound to accompany a law that promises to give the strongest protections we’ve ever seen in a world where privacy is but a fantasy. But many hope that other nations as well as the EU will continue to evolve these principles to ensure businesses don’t undo everything by requesting a simple consent.
What exactly is GDPR — a few highlights
The European Parliament adopted the GDPR in April 2016, replacing a directive from 1995. GDPR is a law that requires companies that gather data from European users to safeguard the personal information and privacy of EU citizens. These rules govern how businesses protect user privacy, how they store user data, and how this information is exported out of the EU.
GDPR protects private data, such as:
- Identity information — name, address
- Health and genetic data
- Biometric data
- Location info — IP address, cookies
- Racial, cultural data
- Philosophical remarks
- Sexual orientation
If you’ve been wondering how GDPR is giving you control and what this legislation is all about, here are a few of the major points of the new regulation.
— Consent must be “freely given, specific and informed as well as unambiguous”
This is one of the core principles of the 99 articles put forward by the GDPR. The law requires companies to get approval through a “clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her.”
— Businesses can’t process personally identifiable information
Article 9 of the GDPR states that companies can’t process personal data that reveals:
- Racial or ethnic origin
- Philosophical remarks
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data for the purpose of uniquely identifying a natural person
- Information regarding health or information concerning a natural person’s sex life or sexual orientation
That is, unless permission is granted or there’s a legal reason to process the personally identifiable information.
— Businesses must have a specific reason to process data
Under Article 5, GDPR requires all businesses to collect information for specified, explicit and legitimate purposes. This essentially means that anybody who claims they need to process user data must have a clear reason to do so (there are 6 reasons given in Article 6).
For instance, Wccftech recently asked its newsletter subscribers if they’re prepared to let us continue storing their information, including their names and email addresses. Since newsletters can’t be sent without these details, it makes for an “explicit and legitimate” purpose to store and process information.
— Users will be able to withdraw consent at any time
You felt like giving your permission to Facebook to keep your information in 2012. Shouldn’t you be able to withdraw that permission years after you gave your agreement? GDPR gives EU citizens the right to withdraw their consent at any time. “The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,” the legislation states.
As long as it is simple for users to withdraw their consent, there should not be any issues for the users or the businesses.
— Data needs to be stored securely
Passed in 2016 — called the year of data breaches — GDPR attempts to restrict data exposures by requiring businesses to store and process data in a manner that ensures the safety of private data. Even if you have consented to share your private data with a business, that does not mean you’re okay with them being reckless with this data.
In the event the business suffers a breach, your information should be stored in a form — anonymized or encrypted — in which it can’t be used by anybody other than the firm that had obtained your consent.
— EU citizens will have the right to be forgotten
While we’ve heard a lot about privacy policies and how consent is given, there is more to GDPR than simply clicking on the Agree button. Article 17 of the GDPR gives EU citizens the right to erasure, aka the right to be forgotten. This was already in place, as we had previously reported on how Google decided which requests to comply with and which to ignore (read: criminal politicians hoping to rewrite history).
“The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies,” the legislation reads.
— Children need parental approval
GDPR requires companies that process data of those under 16 years old to request approval from their parent. Facebook has already implemented this feature, but it remains to be seen how companies will avoid being tricked by kids who can pass off their friends as their parents (at least in Facebook’s case).
GDPR does place the responsibility on the companies who process data to “make reasonable efforts to verify” that approval has been given by “the holder of parental responsibility over the child.”
— Right of access aka those “download your data” tools
We have shared several articles detailing the steps you can use to download a copy of all the information that a certain company keeps on you. Some companies such as Google and Apple provided this ability before GDPR. Others like WhatsApp began doing this to comply with the GDPR rules.
This article effectively gives you the right to get details from the company that holds your information: whether they are processing it, which categories of data are involved, for how long they’ve stored this data and, if the data was not collected directly from the consumer, where it came from.
Apparently, this article has been used in Europe to determine how credit score businesses acquire their information and how transparent their procedures are. As we mentioned previously, GDPR is not just about compliance; it is also going to lead to a great deal of headaches for the many companies who must respond to these user requests.
This one is also a good example of the way GDPR is benefitting not only those inside Europe but people everywhere. These data download tools are made accessible by all the big companies to all their users worldwide.
— You’ve got the right to have your information deleted or rectified
You will now have the right to demand that businesses correct your information if there is any inaccurate personal data being stored. You’ll also have the ability to demand that the data controller — that is, any company processing or storing information — permanently delete it.
— You can take your data anywhere you want
A firm like Facebook or Google retains a whole lot of information on you. If you choose to quit using any of the services, this should not mean that you lose all the content generated during that time. GDPR gives Europeans the right to data portability.
Firms have to supply all the data stored on a user “in a structured, commonly used and machine-readable format,” so you can take that information to another company at any time you desire.
The General Data Protection Legislation gives a lot of different rights and controls to the user. The regulation has also expanded the range of what must be regarded as personal data. Together with security of personal data, GDPR also requires companies to notify users within 72 hours of a data breach or face massive fines. While we might feel as if we’re being railroaded into giving our approval, the new privacy rules provide several added protections that a European consumer may use to strengthen their privacy and demand further protections.
The reason why these principles will be able to stop these data monsters in their tracks is the penalties, which could go up to 4 percent of the annual worldwide turnover, or $20 million, whichever is greater.
— Do you believe GDPR is about to initiate a new age of the internet where users get back control of their data? Or do you think privacy is indeed a fantasy? Do not forget to share your ideas.