Following the Facebook-Cambridge Analytica scandal and the lengthy debate on data privacy and protection, the European Union has decided to bring forth the General Data Protection Regulation to safeguard its citizens. The new legislation will come into effect on May 25 and will apply to all companies doing business with the EU irrespective of the location of their headquarters.
Any company that collects or processes the data of citizens is required to inform the users and gain explicit consent in the case of sensitive information. Users have the right to know for what purpose their data is being used and can request details of the information collected from them. Companies must provide the information needed without any charge. Stricter rules apply to children under 16.
The GDPR also requires companies to revise their privacy policies to ensure more transparency and to make them easier for the customer to understand so that there is no room for error. This law is a force to reckon with because the penalties for violation are huge. Depending on the seriousness of the offense, the fines could range from 2% to 4% of annual global revenue.
Many companies like Facebook (FB), Twitter (TWTR) and Google (GOOG) have been updating their privacy policies in anticipation of the GDPR.
Facebook recently updated its data policies to enable more transparency. The social media site also changed its settings option and navigation tools to give users more control over the apps and information they are using and the advertisements that come their way. More privacy laws will come into effect with the GDPR which will include consent to handle sensitive data and facial recognition along with age restrictions for children aged 13 to 15.
Facebook-owned companies WhatsApp and Instagram are also updating their rules. WhatsApp is increasing its minimum age to 16. Users will be asked to confirm their age when they agree to the new privacy policy which will be given by a new WhatsApp Ireland entity that is being created to work in the EU. Users can also get details of all the information collected on them irrespective of their coverage under the GDPR.
Instagram is also providing users the option for data download in its privacy settings. This feature complies with the data portability rule of the GDPR.
In its new privacy policy, Twitter outlines that it uses the information collected from users to show advertisements and tweets that are likely to appeal to them and also to prevent fraud and misuse. Twitter allows users to change their settings and personalize the service or to opt out entirely from being tracked or targeted for ads. This new policy also includes options for data portability and deletion.
Google was recently revealed to have more data on users than Facebook. The search engine, however, revealed that its ad business relied mostly on search and keywords and hence there was less need to access other information. Due to this, the company does not expect much of an impact from GDPR but is nonetheless ready for the new legislation and will update its policies and settings worldwide.
In conclusion, while many tech companies are revising their policies, some experts believe that the GDPR might not be enough to regulate them. The chances of efficiently enforcing the new privacy laws outside the EU is, however, questionable.