Europe's New Data Protections Are Here — Here's What To Read About Them
PLEASE READ THIS POLICY UPDATE

Chances are, you've been getting tons of emails about privacy policy updates from every website you've ever created an account on. That's because any website that serves European users must now comply with Europe's new consumer data protection rules, the General Data Protection Regulation (GDPR). The new rules have sweeping implications for users and businesses on the internet. To make sense of the most important ways the change will affect people, we've assembled some of the best analysis on the topic.

What Is GDPR?

Unlike the US, which has historically created laws around the internet on a piecemeal basis, Europe has created a comprehensive set of rights and rules pertaining to internet users and their privacy: 

In Europe… GDPR represents one of the most robust data privacy laws in the world. It also gives people the right to ask companies how their personal data is collected and stored, how it's being used, and request that personal data be deleted. It also requires that companies clearly explain how your data is stored and used, and get your consent before collecting it. "Personal data," in this case, refers to things like a person's name, email, and IP address, but also pseudonymized information that could be traced back to them. People can also object to personal data being used for certain purposes, like direct marketing.

[Wired]

A Lot Of Those Emails You've Been Getting Aren't Necessary

According to The Guardian, a lot of the emails asking users to provide their data again or re-approve their spot on email lists aren't necessary and could be illegal:

Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.

"Businesses are not required to automatically 'repaper' or refresh all existing 1998 Act consents in preparation for the GDPR… Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and there's no need to seek fresh consent…"

What's more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.

[The Guardian]

No One's Ready For GDPR

While GDPR is a major win for consumers, for many businesses, it's a huge headache that they aren't prepared for:

The regulation gave companies a two-year runway to get compliant, which is theoretically plenty of time to get shipshape. The reality is messier… In a survey of over 1,000 companies conducted by the Ponemon Institute in April, half of the companies said they won't be compliant by the deadline. When broken down by industry, 60 percent of tech companies said they weren't ready.

[The Verge]

Friday Morning, Multiple Sites Were Affected

In light of the changes, multiple sites and services have interrupted service worldwide or in Europe. Tronc, the third-largest newspaper company in America, appears to have cut off access to its properties (which include the LA Times, New York Daily News and Chicago Tribune) for European users:

Its message read: "Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market."

Lee Enterprises publishes 46 daily newspapers across 21 states.

Its statement read: "We're sorry. This site is temporarily unavailable. We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time."

[BBC]

Instapaper, the popular app that allows users to save and read online articles, has also gone dark for European users: 

While we don't know exactly what's holding up Instapaper, it's more than likely to be the GDPR's data subject access request, which allows any EU resident to request any and all data collected and stored about them… It's clear that few companies, if any, will be 100 percent compliant when the law goes into effect. But because the fines are so steep — violating GDPR will cost a company 4 percent of its global turnover or $20 million, whichever is larger — no one really wants to be caught non-compliant. So that's why companies are rushing and, in the case of Instapaper, literally shutting down.

[The Verge]

Activists Are Already Using It To File Complaints Against Google And Facebook

An Austrian attorney and an activist group have already used the new rules to make privacy complaints against Google and Facebook:

The complaints about Google, Facebook and Facebook's subsidiaries come from a group called None Of Your Business (NOYB)—a non-profit founded by the very successful serial Facebook litigant Max Schrems. Schrems, the Austrian lawyer who annihilated the U.S.-EU Safe Harbor data-sharing agreement a few years ago, formed the crowdfunded NOYB in order to take on big tech firms that break the EU's new General Data Protection Regulation (GDPR.)

[Fortune]

GDPR Is The Most Unifying Thing To Happen To The EU In A While

While there are undoubtedly growing pains, Jill Petzinger of Quartz notes the significance of the occasion:

Getting 28 countries to agree on the fine print of the law took around six years. The actual concept dates back to the 2007 Lisbon Treaty, which introduced the right to data protection as a new human right.

"GDPR is intended to ensure that human rights are embedded inside commercial and state treatment of people's data," said Simon McGarr, director of Data Compliance Europe, a GDPR data protection consultancy. "This is different to the US, which does not take a human-rights based approach to data and indeed doesn't even have a principle of data protection built into their systems."

[Quartz]

Countries Around The World Are Following Europe's Lead

While the US doesn't seem eager to follow the EU's lead, other non-European countries are setting up copycat regulations:

Brazil, Japan and South Korea are set to follow Europe's lead, with some having already passed similar data protection laws. European officials are encouraging copycats by tying data protection to some trade deals and arguing that a unified global approach is the only way to crimp Silicon Valley's power.

[The New York Times]

And In The Long-Term, GDPR And Similar Laws Could Change The Way Internet Advertising Works

Targeted advertising is everywhere, but that might change given how much personal data is required to keep it going:

[T]he main loser may well be an industry that few have ever heard of but most have dealings with every day: advertising technology, or ad tech. In fact, the GDPR would probably not exist at all were it not for this collection of companies, which have an insatiable hunger for personal data.

Ad tech emerged because advertising is the internet's default business model. Since targeted ads tend to be more efficient and targeting requires personal data (sites previously visited, searches in online stores and the like), these data became the fuel of a new industry to automate online advertising.

[The Economist]

Benjamin Goggin is the News Editor at Digg.
