The MST Reader: The GDPR and the Privacy of the World
The MST Reader is a series of overviews of interesting and timely topics that affect our world.
After four years of discussion and two years of preparation, the General Data Protection Regulation (GDPR) went into effect on May 25, 2018 across the European Union. The GDPR was meant both to help protect the data and privacy of individuals and to standardize data handling practices and requirements across many countries, streamlining the regulations that companies might be subject to.
In doing so, the countries of the European Union took a leadership role in online privacy and personal data handling, stepping in to create a framework that many other countries around the world hadn’t yet provided. And, because few industries are more global than that of online data processing, the GDPR affected the way companies handle personal data all around the world — whether a company is operating within the EU, or simply serving customers who live there, GDPR compliance is required.
The GDPR codifies rules for users in several important areas: it requires consent to collect and process an individual’s data, provides rights to access one’s own data once it is collected, and provides a right to have one’s data removed from a system if requested.
Instagram, WhatsApp and Google have all been sued under the GDPR on the basis of past forced-consent policies. And, here’s a story about an Ohio newspaper’s voluntary effort to apply the “right to be forgotten.”
The GDPR also tries to ensure that appropriate security measures are taken to protect the privacy of users, and that users are notified within 72 hours of a data breach that affects user privacy.
Not only does the protective umbrella created by the GDPR end up reaching into other countries, but the guidelines it established may also serve as an example to other regulatory agencies. The California Consumer Privacy Act, for instance, is set to go into effect in January 2020, and incorporates many ideas from the EU regulations.
Here’s a detailed walkthrough of questions around the GDPR:
A GDPR compliance checklist:
Here’s a quick summarizing video from the Wall Street Journal: