topic submitted by saacnmama
From an internet article.
If you’re a person on the internet, you’ve probably been getting a lot of emails from companies about privacy updates, all related to a new law that just went into effect in the European Union: the General Data Protection Regulation, known as the GDPR.
1. What is the GDPR?
It’s a set of data privacy laws that was approved by the European Parliament in 2016, and after a two-year transition period, it’s now law. It affects any company that handles the personal information of anyone in Europe, and that means any company that does business in Europe, even if it’s based in the United States or somewhere else in the world.
It’s much stronger than privacy regulations in the United States. It basically says that companies have to get explicit permission to collect and use your data, and that they have to let you see what they’re storing and allow you to remove it. If you’re in the EU, that is.
2. Why is the EU putting new regulations in place (and why isn’t the United States)?
The EU, being made up of lots of different countries, has a lot of rules around privacy and data collection and how data should be stored by companies not based in Europe. So really simply, the GDPR is an attempt to create one set of rules that everyone can follow, and it happens to enact the most consumer-friendly set.
The United States essentially has no federal privacy regulations around data collection, use and notification. The difference is really cultural; privacy is considered a human right in Europe, and of course, it’s a much more regulation-friendly environment. American citizens have a lot less concern about trading information for free goods or services, like email, maps, chat or photo sharing, and it hasn’t seemed necessary.
3. What do the new privacy regulations mean for users in the United States?
It depends on the company. In the short term, it means a lot of emails about updated terms of service and privacy policies, which you’ve already probably noticed. But some companies, like Microsoft, have said that it’s going to make the rules of the GDPR standard for every user, even people in the United States. So in theory, that could mean that you could call up Microsoft, ask to see what personal information it has about you and maybe ask Microsoft to delete it.
4. What do businesses need to do to comply?
First, they have to figure out if this applies to them. It applies to any business that processes the information of anyone located in the EU. There are probably some businesses that don’t realize that their mailing list is international.
And even if they don’t understand exactly how to comply with the new rules — because they are a little bit vague — experts say that they at least have to make a good-faith effort to get consent from people in the EU to collect and use their information.
5. What does the future hold for new privacy regulations? Could this be a new standard?
That’s the hope of a lot of privacy advocates. It is likely to have a trickle-down effect on big companies, at least. It will just be easier in the long run to have one set of behaviors for how you treat personal information . And it could lead other jurisdictions to craft new privacy rules in the image of the GDPR. California is working on very strong regulations, for example.
It’s also important to note, though, that this will have a lot of downstream impacts on companies, especially small ones that can’t take the risk of large fines if they expand into Europe. So the big will stay big and get bigger.
Totebaggers, have you been reading the new privacy notices? Are you planning to take any action to examine the data held on you? Are you actively concerned about privacy issues in general?
Note: Our site was established under an earlier version of WordPress that allows fully anonymous comments with no requirement to provide an email address. (Some posters have routinely filled in the box, but it is not necessary.) So far an update has not been forced on us. We therefore do not request or “monitor” personal data. We also do not engage in economic activity.