Over the past week, you¡¯ve probably seen alerts for GDPR everywhere online, in your email inbox, on Facebook and Twitter.
It¡¯s a new privacy law being implemented in the European Union. But if you think it¡¯ll have no effect on your life, you¡¯re wrong.
As we said, the GDPR or General Data Protection Regulation is a new privacy law being enacted in the EU, that comes into effect tomorrow on May 25. In essence, it¡¯s a new set of guidelines to govern how companies access and use the personal data of consumers and how they¡¯re to help keep them safe. These are mandatory regulations the EU plans to enforce with stiff penalties if companies fail to toe the line.
There are two main parts to GDPR. Firstly, companies that earn revenue off their users¡¯ data (like Facebook and Google) are mandated to explicitly inform consumers how they¡¯re doing this. They have to be absolutely clear with how much data they collect and how, as well as how they then manipulate or sell that data.?
The second part is that, not only do they have to ask your permission to collect your data (which is done by asking you to accept a revised privacy policy) you¡¯re also allowed to opt out at any point. Meaning, if you decide to stop using an online service and tell the company so, they have to not only stop collecting your data but also delete whatever information about you they may already have. In addition, in case of any widespread data breaches, companies are now mandated to disclose them to the public within 72 hours.
ALSO READ:?How Facebook Betrayed Its User's Privacy & Mark Zuckerberg Was Forced To Say Sorry To The World
All companies that carry out activities in the EU, not just those based there, have to be compliant with GDPR by the time the deadline hits this week. That¡¯s why they¡¯ve been updating their privacy policy agreements to reflect this, and you¡¯ve been seeing alerts to sign off on them on your social media and your email. Any companies that don¡¯t follow these protocols are not just risking official EU penalties, but are also held accountable to consumer lawsuits tanks to the new law.
But why are these alerts showing up for us here in India? Surely laws made in the EU don¡¯t apply to us, and we can¡¯t sue Facebook on the same legal grounds. Well, you¡¯re right there, but the GDPR implementation has still changed a lot for all of us. The thing is, major global corporations like Microsoft, Apple, Google, Facebook, Twitter, and so many others have to adhere to GDPR stipulations. So if they¡¯re changing their privacy policies for the European countries, surely they didn¡¯t have to extend that to others outside its purview? Well yes, actually they did.?
Can you imagine what the public outcry would be like if, on the heels of the Cambridge Analytica scandal, Facebook decided to comply with the regulations for only the EU? People in other parts of the world would be furious at the lip service, they¡¯d rightly assume that the company is just covering its behind, and doesn¡¯t give a damn about its customers. So, whether or not any of these companies actually want to do the right thing and be more responsible with their customers¡¯ data, they have no other real choice.
ALSO READ:?After Mark Zuckerberg's Facebook Hearing, US Is Considering Strict Law To Protect Data Privacy
While the issue of personal data privacy is in the spotlight, pressure from consumers is forcing the hand of major companies. However, six months from now, nothing is to stop for example, Twitter or Facebook or Google from reverting its privacy policy to the old one. After all, if you log on one day half a year from now, and an alert pops up for you to read the new changes to the privacy policy, are you sure you¡¯d even read it? Probably not.
That¡¯s exactly why it¡¯s so important right now to capitalise on the issue and keep the momentum going. Even the US doesn¡¯t yet have water-tight laws protecting consumer data, let alone India, and nothing in the pipeline to get them soon either. And maybe you¡¯re thinking right now, why would it matter to you if Facebook knew what posts you were liking? You have nothing to hide after all.
Well consider this. The new Aadhaar card system is meant to integrate with businesses, to make digital payments easier. Suppose, two or three years down the line, the system is widespread but the Indian government has to cut back on the project¡¯s budget. It¡¯s impossible to take away any of the money being provided without replacing it, because the system needs upkeep. So instead, perhaps they decide to let those business use anonymised data gathered from BHIM app users (the governments Aadhaar-linked payment app) for a fee of course. Maybe they¡¯ll use it for advertising. Maybe sales analysts will use that data to peddle their services to chain outlets, or your telecom provider. This is, of course, a hypothetical scenario meant to make a point.
It¡¯s not an exact comparison to what¡¯s happened with the Cambridge Analytica scandal, or what GDPR is trying to prevent, but you get the basic idea. At the end of the day, this is the 21st century, and Big Data is the name of the game. You need to protect your data to protect yourself, and companies need your data to offer you ¡°free¡± services. So if we want there to be an equitable solution, we need the laws that will help enforce it.
ALSO READ:?Mark Zuckerberg Appears Before EU Lawmakers Over Data Scandal & They Grill Him Like A Criminal