The European Union’s General Data Protection Regulation, GDPR in short, came into effect on May, 25th 2018 overriding old data collection and protection polices which are according to the modern world. Two, user reliable, mega companies Google and Facebook are under serious danger.
Once the EU Data protection law came into force, complaints striked at the heart of tech giants. Mr Maximilian Schrems, an Austrian lawyer, privacy activist and founder of NOYB.eu, well known for his steps against Facebook regarding its privacy violation in the past, launched a latest challenge to Facebook, a new suit against Google has also been filed, accusing them of persuading users into accepting their data collection polices. Max Schrems three other local regulators from France, Germany and Belgium also helped to fill the complaints. They said that the users should have the rights to select whether they want their data to be used for other purposes or not, they present themselves very strict against the “take-it-or-leave-it” approach adopted by web companies these days.
Max Schrems said, “Facebook has even blocked accounts of users who have not given consent. In the end, users only had the choice to delete the account or hit the “agree”-button – that’s not a free choice, it more reminds of a North Korean election process.”
GDPR prohibits forced consent as it believes that every user should have right to their data, as a result, user access to services can no longer depend on whether a user gives permission to the use of data. A very clear guideline on this issue has already been published by the European data protection authorities on November 2017. But not everybody is aware of it as said Schrems, “Many users do not know yet this annoying way of pushing people to consent is actually forbidden under GDPR in most cases”.
It is not just for the big names, healthcare, insurers and banks and small companies dealing with sensitive personal data are also on the hook, it is important for small and local companies, to respect every users data and privacy, however we observe that small companies do not consent their customers to agree to their polices and have a high rate of transparency.
According to the new regulation, in case of Data Breaches, the organisation should face a penalty of 4% of their annual growth, it has also become mandatory to notify data protection authority of data breach within 72 hours of becoming aware. As the implementation comes into act, some companies based outside the European Union have temporarily blocked their services across Europe. However, Twitter has introduced granular controls that let people opt out of targeted advertising.
Google and Facebook faced a penalty of 9.3b$ collectively after the complaints have been filed, they said that they would meet GDPR policies as soon as possible. A Google spokesperson said in a statement, “We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation.”
Erin Egan, Facebook’s chief privacy officer, said in an emailed statement, “Over the last 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU”.
This new regulation has a huge impact on tech companies, as we have seen our inbox filled with emails regarding new privacy policies. This will have a good impact on user end as well as “freedom” of personal data, which may make a better user-controlled Internet world were user’s privacy remains private.