New European standards of data protection are being eyed by privacy activists as a new global benchmark, at a time when Internet users around the world are reeling from a scandal over the misuse of Facebook data.
The General Data Protection Regulation (GDPR) comes into effect on May 25, just over two months after revelations that social media giant Facebook had improperly shared the data of 87mn users with an analysis firm hired to influence the US elections and Britain’s Brexit referendum in 2016.
The new EU rules, which have been years in the making, aim to give consumers more power over their data.
They stipulate that entities can only collect what is strictly necessary and must be transparent about how they use the information, while individuals can demand insight into their data as well as its erasure.
Organisations that breach the new rules can be fined up to 20mn euros ($23.6mn) or 4% of their global annual turnover, depending on which is higher.
The recent Facebook scandal “shows that protection of personal data can have a major impact on our democracy and on our elections,” EU Justice Commissioner Vera Jourova told EU lawmakers last month.
“All around the world, democratic countries are now looking at GDPR for inspiration,” she added.
The new European data protection standards are already having an impact beyond the bloc, as they will apply to anyone offering their services within the EU, including the US-based Internet giants.
“There are already many companies who adopt these standards on a global scale and who announced that they will make European data protection their selling point on a global market,” EU lawmaker Jan Philipp Albrecht said.
At a recent US Congress hearing over the Facebook scandal, the company’s chief executive Mark Zuckerberg said he would extend GDPR protections to users around the world.
Meanwhile, Google began preparing for GDPR more than 18 months ago, its chief executive Sundar Pichai told investors last month. “We’ll also update all the privacy policies and controls we provide to users worldwide,” he added.
“The European Union’s law should indirectly help Americans somewhat,” wrote Tom Wheeler, the former chairman of the US Federal Communications Commission, in a guest article for the New York Times last month.
The FCC had sought to introduce similar data privacy safeguards in the US, only to have them overturned by Congress.
“The New World must learn from the Old World,” Wheeler added.
Christopher Kuner, a law professor and privacy expert at the Free University of Brussels, believes that this is already happening, with countries such as Japan and Korea following Europe’s example.
“The EU is a regulatory superpower,” Kuner said, noting that the bloc’s standards are being adopted in other areas too.
However, only time will tell how effective the new EU safeguards really are, amid concern that the bloc’s 28 national data protection agencies tasked with overseeing them are under-equipped for the task.
Until legislation catches up elsewhere, companies still have plenty of room to set their own global standards.
viewpoint
