New European Privacy Laws Have Ripple Effect on Online Privacy

The General Data Protection Regulation, or GDPR, is a new set of European Union rules that govern the ways businesses and online organizations treat user information, in particular the data belonging to EU citizens. The GDPR introduces a wide range of regulations, chief among them new restrictions on how third parties can process, store, and handle user information. While this has created some challenges for international businesses regarding compliance, the result is that practically all Internet users will see some benefits from the GDPR. This is because rather than adhere to one set of rules for EU users and other for North American or other worldwide users, most tech outfits have chosen to implement compliant rules for all users.

Businesses will need to hire Data Protection Officers to ensure compliance.  They will be responsible for the proper implementation of GDPR-related measures.  Additionally, EU nations have set up Data Protection Agencies to ensure users have a regulatory body to whom they can report violations. Moreover, though, the GDPR introduces several important rules.

Requirements surrounding the anonymization of certain forms of data and the preclusion of public publishing of user data means that the WHOIS network, a system of databases that contains the details of who owns which websites, will no longer be able to operate in its current form. ICANN, the administrator of the WHOIS protocol, is currently searching for a solution to this problem. These GDPR provisions are also responsible for a flurry of changes in the Terms of Service for sites from Facebook to Twitter, as they change the way they process user data.

The GDPR also includes mandatory data breach notifications; if a company with EU citizen data has an intrusion and the attackers steal data, they must report the breach to the relevant Data Protection Agency within 72 hours. This measure should impact other worldwide users as well, as it is unlikely that attackers would sweep up only EU data in a breach. Other provisions, such as the right to be forgotten and the requirement that new platforms use a “privacy by design” ethos, could also impact the tech industry.

The deadline for GDPR compliance is May 25, 2018. Many major providers, from Google and Amazon to others, have begun sharing information with users on the ways their Terms of Service have changed. Take the time to review any of these changes shown to you to understand how websites will handle your data in the future.