Recap on GDPR
The EU’s GDPR becomes enforceable on May 25, 2018 and states that a user’s data can be used only if that individual gives a company explicit permission. The European Union’s General Data Protection Regulation (GDPR) was put in place to standardize existing laws that call for transparency in how companies collect and store personal data about EU citizens. GDPR requires all companies offering services to consumers in the EU to be transparent about what data they collect and what they do with that data. It will be 1 law instead of 28 different laws across all EU countries. Companies that violate the GDPR face a fine of 4% of global revenues. Complying with GDPR is expensive, and small firms are less likely to be able to devote resources to it.
Another thing that makes GDPR preparation difficult is that people’s interpretations of the law vary widely. Ad retargeting firms have taken a more laissez-faire approach and advocated that their web-browsing data doesn’t put them in the GDPR crosshairs. With so many different interpretations of the law, it is difficult for companies to properly understand the risks they face with GDPR, and therefore how to become aligned with it, said Sean Blanchfield, CEO of PageFair, a company publishers use to avoid ad blockers.
– Principle of data minimization: companies have the right to collect only what is strictly necessary, so age or sex is not an acceptable criterion for an emailing campaign. The GDPR will punish offenders more frequently and more heavily;
– Principle of the right to be forgotten: data transmitted to third-party public or private companies with the user’s agreement can be deleted at any time by a simple request from the Internet user. With the GDPR, the data can be archived without new use or sale;
– Principle of consent: consent must be given through a very clear approval by the user. Pre-checked boxes will no longer be considered clear consent because the user does not necessarily pay attention;
– Principle of the right to portability: it allows users to recover, "in a machine-readable format", all the data they have provided in order to export it to another operator, including telephone, within a month;
– Principle of digital majority: Member States of the European Union may set the age limit for registration on social networks without parental authorization at 13. It is 15 in France. Beyond this threshold, the user, minor or not, is the owner of their personal data online. WhatsApp is now only accessible to Internet users over 16 years old if they are European; the threshold is 13 years in the rest of the world, although the company cannot ask for any proof;
– Principle of group action: this allows a group of individuals who have suffered a violation of the protection of their personal data to take group action in court. With the GDPR, Internet users will be able to obtain compensation for the damages suffered.