20-Apr-2018 12:23 PM Latest Trends
With the Cambridge Analytica fiasco still fresh in our memory, and despite the political drama that unfolded during Mark Zuckerberg’s congressional interrogations, Facebook’s business model faces no real risk from regulators in the US. In Europe, however, the situation is different: the looming General Data Protection Regulation (GDPR) will give people better privacy protection and force companies, including Facebook, to make sweeping changes to the way they collect data and consent from users, with huge fines in store for those who don’t comply.
After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. The enforcement date has been fixed at 25 May 2018, at which time organizations that don’t comply may face heavy fines.
The GDPR has been designed to reshape the way organizations across the region approach data privacy. It applies not only to organizations located within the EU but also to organizations located outside the EU if they offer goods or services to EU subjects. It covers all companies that process personal data of subjects residing in the European Union, regardless of the company’s location.
An organization that does not comply with the GDPR can be fined up to 4% of annual turnover or 20 million Euros, whichever is higher. For Facebook, that would amount to $1.6 billion, whereas for Google it would be around $4.4 billion, which in itself is a huge sum. This is the maximum fine that can be imposed on companies for the most serious infringements, e.g. not having customer consent to process data or violating the Code of Privacy. There’s more to it: a company can be fined 2% for not having its records in order or for not notifying the regulatory authority and the subject about a breach.
On May 25, this regulation will mark a paradigm shift in the way companies collect and handle data. It will require companies to spell out why they want to collect data and what they will use it for.
It’s not just web giants that are going to be affected by this regulation. Other companies that collect data for other purposes without complying with the basic rules and regulations are also going to feel the pinch. The law’s emphasis on consent, control, and clear explanations could prompt users to better understand and reconsider the ways they are being observed online. Meanwhile, privacy activists plan to use GDPR as a potent weapon to force changes in corporate data-handling practices and make it safer for users to venture online and part with their personal information.
GDPR is only going to strengthen the growing demand for data privacy, and it’s only a matter of time until companies become more accountable for their privacy policies and stop taking everything for granted. The GDPR’s ultimate impact will rest on how users wield their new rights and force organizations to become more responsible in the way they act and interact with users. Privacy is a very important component of any responsible communication, and users have every right to know what their private data is being used for.