The term GDPR hasn’t really sunk in on a mass scale in the U.S., but it’s been roiling the social media giants for years as they prepare for May 25.
GDPR, the initials for General Data Protection Regulation, is a product of the European Union dating to 2016. Given two years’ lead time, American giants like Amazon, Google and Facebook have been hard at work preparing for the implementation of sweeping new rules guarding individuals’ privacy online.
GDPR includes a feature that allows users to request that certain data about them be removed online — the un-remember, or right to be forgotten option. This provision stems from a ruling by the European Court of Justice in Luxembourg.
Specifically, the court said data on individuals could still exist on web pages or in cyber-databases, but links to that information would not be allowed if a person objected. This infuriated the people at Google, but in one month, they will have to comply or face fines of up to 4 percent of annual revenue. And the GDPR goes even further than the judge in saying that individuals can demand the information or data on them be deleted entirely if it is outdated, no longer needed or relevant, or incorrect. This is technically referred to as Data Erasure.
GDPR also restricts which information on individuals a site can collect, and it bars those under 16 from social media unless they obtain parental consent. Concretely, a site cannot collect information on one’s racial or ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade-union membership or health, except in rare circumstances when it may be required by law.
Lest anyone think the GDPR applies only to search engines, social media giants and huge e-tailers like Amazon, the regulation makes it clear that it affects any site that EU citizens can give individual data to:
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The question here is whether lawmakers here will take a cue from the GDPR in light of the covert personal data mining scandals at Facebook or other companies?
What about Cookies?
The use of cookies is also being curtailed. Cookies are small text files that a site places on your computer or mobile device to store your preferences for future visits, but these cookies are also used to track what you do online and then send targeted advertisements your way. Under GDPR, you have to consent to allow cookies to be used on your devices. If you object, the site cannot send cookies your way.
Spam is banned as well. You must give your consent to receive unsolicited messages or advertising, even the SMS cell phone type.
Enforcement is done through each EU nation’s national Data Protection Authority (DPA), but individuals and other entities must be vigilant in policing what’s online about them to request to be un-remembered.
One last note: The GDPR was actually implemented in May 2016, but enforcement was given a two-year delay until May 25 of this year.