The European Union will be implementing a new data protection law in May to secure its citizens’ private information.
On May 25th, a new data protection law known as the General Data Protection Regulation (GDPR) will take effect in the E.U. The rule requires companies that handle personal data to request consent from users before using it for various purposes.
Under GDPR, the hope is that fine print pages will no longer be enough and users won’t just click “yes” after scrolling through an exhausting set of terms. Instead, companies will be required to be clear and concise about their data collection intent and how they will use the personal data of users. Examples of data include full names, home addresses, IP addresses, and browsing history, and more.
Companies and website owners must also declare whether the collected data will be used to create profiles of the users’ actions and behavior. People will also have the right to the following:
- Access the information gathered and stored by the companies.
- Correct inaccurate information.
- Limit the use of decisions made by algorithms.
The new data protection law will cover and protect all people from the 28 member countries of the European Union even if the data is being processed outside of the EU’s jurisdiction.
Meaning, GDPR will apply to all publishers, universities, banks, and tech companies that track user information across the web, devices, and applications.
Read More: Attention Span is the New Currency
Under the new rule, children’s data will receive even stronger protections. Persons under the age of 16 will require parental approval before they can access information-society services. These include social media, online marketplaces, and other online services provided to an individual.
According to a report from Bloomberg, the Ernst & Young firm estimates that the 500 largest corporations in the world are on track to spend a total of $7.9 billion USD just to comply with GDPR.Ernst & Young estimates that top corporations will spend a total of $7.9 billion USD just to comply with #EU #GDPRClick To Tweet
Businesses must also appoint someone in the European Union as a liaison with regulators. Furthermore, companies with over 250 employees are obligated to recruit a data protection officer to ensure that the company remains GDPR compliant.
The European Union’s new data protection law is meant to change the landscape of how data is being gathered and handled by companies. Its main goal is in giving users more control over what they want to share or not.
However, critics of the law argue that it is too vague in important aspects. For example, the above Bloomberg Business article points out that “companies can claim a ‘legitimate interest’ in data that outweighs privacy concerns, but there’s conflict over what that means.”
For more information about the General Data Protection Regulation, click here.