Tech giants brace for sweeping EU privacy law
Tech giants brace for sweeping EU privacy law
BY HARPER NEIDIG - 04/01/18 08:15 PM EDT
Facebook and other internet companies are racing to
prepare for a sweeping new European Union (EU) privacy law that aims to give
consumers greater control over the use of their data.
The law comes at a critical time for the industry, which
is already facing tough questions over its data practices.
The General Data Protection Regulation (GDPR), which goes
into effect across the EU on May 25, will drastically change what internet
companies can do with customers' data.
Users will have greater control, including the ability to
learn what information companies have on them. The GDPR will also codify what’s
known as “the right to be forgotten,” meaning consumers will be able to order
web services to delete their data or stop distributing it to third parties. The
rules will also require companies to give users the ability to easily revoke
consent for handing over personal information.
“I think it's going to have a fundamental seismic shift
in the whole industry because it grants people rights over their data that they
don't currently have,” said David Carroll, an associate professor at the
Parsons School of Design who studies digital media and data practices.
“It really empowers consumers to get a better deal; we've
never really had a say in the deal,” Carroll added.
Companies must also be upfront about what they are doing
with users’ personal information. Regulators say that web services will no
longer be able to cloak the terms of their data practices in legalese.
"One of the main tenets of GDPR is to make sure that
there is trust and to make it clear what the data is being used for," said
Greg Sparrow, a data policy expert with CompliancePoint.
The impending deadline has companies scrambling to bring
themselves in line with the new law. Violations under the new rules would be
met with hefty fines of $24.6 million or 4 percent of a company's global
revenue — whichever is larger.
Hovering over those efforts is the data scandal that saw
a political consulting firm with ties to President Trump's 2016 campaign
improperly obtain the personal information of 50 million Facebook users.
Cambridge Analytica, which did work for the president’s
campaign and several other Republican politicians, reportedly paid a researcher
for data he obtained through a third-party app on Facebook. The researcher
obtained the data even though users had not consented to handing over their
information for political purposes.
Věra Jourová, the EU’s consumer protection chief, thinks
the incident underscores why privacy regulations like the GDPR are crucial.
“In my view this is not only about data protection [from]
breaches, this is about a threat to democracy and individual freedoms,” Jourová
said in an interview with Bloomberg earlier this month.
“I can say that in Europe we are ready for these cases,”
she added.
A Facebook spokesperson told The Hill in a statement that
the company is making sure its services comply with the new laws and will
announce new updates before the deadline.
The spokesperson also pointed to a January speech that
Chief Operating Officer Sheryl Sandberg gave in Brussels in which she promised
Facebook would look to go beyond the law's requirements.
In January, Facebook released a set of privacy principles
and established a global privacy center to better inform their users on how the
company operates. And this week, in response to the outcry over Cambridge
Analytica, it announced it will no longer allow the use of third-party data for
targeted advertising.
At a minimum, GDPR means most companies will have to
rethink how they interact with users.
Marshall Erwin, director of trust and security at
Mozilla, said that his company rewrote its privacy policy and overhauled its
privacy settings to prepare for the new European regulatory regime. But Mozilla
designed its services, like its signature Firefox browser, to collect minimal
amounts of user data, he said.
“It is going to be much more challenging for a lot of
other companies that collect more data from their users, that have much more
complex data collection mechanisms,” Erwin said.
“There's a lot of potential for GDPR to give users a lot
more control,” he added. “The real impact there is going to depend on how
seriously companies take those requirements.”
The EU has not been kind to American tech giants. In
2016, regulators ordered Apple to pay Ireland more than $15 billion in back
taxes after concluding the country had granted it illegal tax breaks. Internet
companies are facing antitrust and privacy investigations from European
authorities, and the EU is also considering slapping them with a new tax for
online transactions.
Last year, Google was hit with a record $2.9 billion
antitrust fine for favoring its own comparison shopping tool in its search
results.
A Google spokesman declined to comment on its
preparations for the new privacy law, but the company has promised to comply.
Like Facebook, Google has faced mounting criticism for its collection of user
data and its partnership with third-party services that target advertisements
based on users’ activities and personal information.
Many of the tech giants' biggest critics have been
cheering the EU law and urging regulators in the U.S. to study it as a road map
for crafting their own privacy rules.
But Carroll thinks internet companies won’t wait for the
U.S. to impose its own regulations. He argues that it won’t make sense
financially for the industry to operate two different internets on either side
of the Atlantic.
“The market will adapt to GDPR regardless of what
lawmakers on Capitol Hill do,” he said.
“There will be a more positive way of doing business,”
Carroll predicted. “It will make the internet a safer, less disgusting place.”
Comments
Post a Comment