Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email


Data-hucksters beware – online privacy is making a comeback

August 22, 2017

Next year, 25 May looks like being a significant date. That’s because it’s the day that the European Union’s general data protection regulation (GDPR) comes into force. This may not seem like a big deal to you, but it’s a date that is already keeping many corporate executives awake at night. And for those who are still sleeping soundly, perhaps it would be worth checking that their organisations are ready for what’s coming down the line.

First things first. Unlike much of the legislation that emerges from Brussels, the GDPR is a regulation rather than a directive. This means that it becomes law in all EU countries at the same time; a directive, in contrast, allows each country to decide how its requirements are to be incorporated in national laws.

Second, the purpose of the new regulation is to strengthen and rationalise data protection for all individuals within the EU. It also covers the export of personal data to outside the bloc. Its aims are to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying regulation, so that instead of having to deal with a range of data-protection issues in different jurisdictions, companies will effectively be able to obtain a “passport” for the entire region, much as financial services firms have been able to acquire.

Given that the use, abuse and exploitation of personal data has become the core business of the internet, anything that affects this is going to be a big deal. The GDPR extends EU data-protection law to all foreign companies that process the data of EU residents. So even if a company has no premises or presence within the EU, if it processes EU data it will be bound by the regulation. And the penalties for non-compliance or infringement are eye-watering, even by internet standards: fines up to €20m and/or 4% of global turnover.

Advertising Age concludes that the new regulation will ‘rip the global digital ecosystem apart’
The GDPR applies both to data “controllers” (who determine how and why personal data is processed) and “processors” (who handle the data on the controller’s behalf). The obligations on controllers are broadly similar to those imposed by current data-protection law. But if you’re a processor, then the regulation imposes specific legal obligations on you to maintain records of personal data and processing activities and you will have significantly more legal liability if you are responsible for a data breach. And any breach, no matter how small, has to be reported to the authorities within 72 hours.

More significantly, the GDPR extends the concept of “personal data” to bring it into line with the online world. The regulation stipulates, for example, that an online identifier, such as a device’s IP address, can now be personal data. So next year, a wide range of identifiers that had hitherto lain outside the law will be regarded as personal data, reflecting changes in technology and the way organisations collect information about people.

The regulation gives important new rights to citizens over the use of their personal information. They have the right, for example, to contest and fight decisions that have been made about them by algorithms processing their data. Valid consent has to be explicitly obtained for any data collected and for the uses to which it will be put. Consent for children’s data must be given by parents or guardians and data controllers must be able to prove that consent has been obtained.

Citizens will now have the right to request the deletion of personal information related to them – and companies will have to be able to prove that the offending data has been properly wiped (which may be more difficult than it sounds). And so on.

For many traditional companies – the ones that keep HR records, customer lists, contact details etc – the GDPR will probably make little practical difference, except for more onerous compliance requirements. But for organisations that have hitherto operated outside the reach of data-protection law, for example the hidden multitudes of data-hucksters, trackers, data-auctioneers and ad-targeters that operate behind the facade of websites, social media and Google, the GDPR represents an existential threat.

Facebook and Google should be OK, because they claim to have the “consent” of their users. But the data-broking crowd do not have that consent. As Advertising Age puts it: “Targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.” The new regulation will, it concludes, “rip the global digital ecosystem apart”.

Not before time, IMHO. In the meantime, three cheers for the EU. And – since you ask – the UK government has decided that the GDPR will apply here even after Brexit.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
MoviePass CEO Addresses Privacy Concerns, Says App Has Never Monitored Users’ Locations
March 14, 2018

MoviePass CEO Mitch Lowe said he misspoke at a recent industry conference in describing the kinds ...

Read more
Privacy Altcoin Zcash Announces First Network Update, ‘Not Expected’ To Be A Fork
March 5, 2018

Privacy-oriented cryptocurrency Zcash announced the release of their first network upgrade, Zcash Ov...

Read more
Meet Vero: Why a billionaire’s Instagram alternative is suddenly so popular
March 1, 2018

Instagram haters are jumping on a new social media bandwagon. Vero, a photo-sharing app that laun...

Read more
Facebook loses Belgian privacy case, faces a hefty fine
February 19, 2018

A Belgian court threatened Facebook with a fine of up to 100mil euros (RM480mil) if it continued to ...

Read more
featured image 3
Steve Hilton: Silicon Valley’s surveillance capitalism has resulted in Big Tech killing off human privacy
February 12, 2018

The case against Big Tech seems to be building by the week. And interestingly, some of the most powe...

Read more