Have you received dozens of emails about updates to your favorite online services' privacy policy? The reason is the EU's data protection law, and it has global implications. DW examines how it might affect you.
Image: picture-alliance/PhotoAlto/S. Olsson
Advertisement
The General Data Protection Regulation (GDPR) is a law passed by the European Parliament that dictates the collection and processing of data, most notably of individuals within the EU.
It effectively overhauls the bloc's data protection rules. Before it, each member state could decide to what it extent it wanted to implement the EU's directive on data protection. As of May 25, they no longer have a choice on how to implement data protection rules.
What are my rights?
If you're an individual residing in the EU, GDPR guarantees you the right:
To access data concerning yourself
To erasure — or to be forgotten
To be informed how your personal data is used
To rectification of inaccurate personal data
To restrict processing of personal data
To data portability — or to obtain and reuse personal data across services
To object to processing of personal data
To not be subject to an automated decision, including profiling
Do I have to do anything?
For the most part, the answer is no. However, some entities may seek further permission to continue processing your data and ask for your approval.
In short, yes, but not to the extent that GDPR guarantees. GDPR replaces the EU Data Protection Directive, which went into effect in 1995. As such, GDPR provides a much-needed update to deal with the challenges of today.
What about data breaches?
Fighting for the internet: Social media, governments and tech companies
Germany has passed a new law on social media in 2017, despite complaints from social media companies worried about the impact on their business. But how far is too far? DW examines the trends.
Image: picture-alliance/dpa/W. Kastl
Free speech or illegal content?
Whether hate speech, propaganda or activism, governments across the globe have upped efforts to curb content deemed illegal from circulating on social networks. From drawn-out court cases to blanket bans, DW examines how some countries try to stop the circulation of illicit content while others attempt to regulate social media.
Image: picture-alliance/dpa/W. Kastl
Social media law
After a public debate in Germany, a new law on social media came into effect in October. The legislation imposes heavy fines on social media companies, such as Facebook, for failing to take down posts containing hate speech. Facebook and other social media companies have complained about the law, saying that harsh rules might lead to unnecessary censorship.
Image: picture-alliance/dpa/T. Hase
Right to be forgotten
In 2014, the European Court of Justice ruled that European citizens had the right to request search engines, such as Google and Bing, remove "inaccurate, inadequate, irrelevant or excessive" search results linked to their name. Although Google has complied with the ruling, it has done so reluctantly, warning that it could make the internet as "free as the world's least free place."
Image: picture-alliance/ROPI/Eidon/Scavuzzo
Blanket ban
In May 2017, Ukraine imposed sanctions on Russian social media platforms and web services. The blanket ban affected millions of Ukrainian citizens, many of whom were anxious about their data. The move prompted young Ukrainians to protest on the streets, calling for the government to reinstate access to platforms that included VKontakte (VK), Russia's largest social network.
Image: picture-alliance/NurPhoto/Str
Safe Harbor
In 2015, the European Court of Justice ruled that Safe Harbor, a 15-year-old pact between the US and EU that allowed the transfer of personal data without prior approval, was effectively invalid. Austrian law student Max Schrems launched the legal proceedings against Facebook in response to revelations made by former US National Security Agency (NSA) contractor, Edward Snowden.
Image: picture-alliance/dpa/J. Warnand
Regulation
In China, the use of social media is highly regulated by the government. Beijing has effectively blocked access to thousands of websites and platforms, including Facebook, Twitter, Instagram and Pinterest. Instead, China offers its citizens access to local social media platforms, such as Weibo and WeChat, which boast hundreds of millions of monthly users.
Image: picture-alliance/dpa/Imaginechina/Da Qing
Twitter bans Russia-linked accounts
Many politicians and media outlets blame Russia's influence for Donald Trump's election victory in 2016. Moscow reportedly used Facebook, Twitter, Google, and Instagram to shape public opinion on key issues. In October 2017, Twitter suspended over 2,750 accounts due to alleged Russian propaganda. The platform also banned ads from RT (formerly Russia Today) and the Sputnik news agency.
Image: picture-alliance/AP Photo/M. Rourke
Facebook announces propaganda-linked tool
With social media under pressure for allowing alleged Russian meddling, Facebook announced a new project to combat such efforts in November 2017. The upcoming page will give users a chance to check if they "liked" or followed an alleged propaganda account on Facebook or Instagram. Meanwhile, Facebook has come under fire for not protecting user data in the wake of the Cambridge Analytica scandal.
Image: picture alliance/NurPhoto/J. Arriens
8 images1 | 8
A "data controller" — companies, organizations and any other entity involved in the digital economy and processing data of EU individuals or within the bloc — must legally inform authorities within 72 hours of a data breach.
They are also responsible for informing you if your private data was compromised. However, they don't have to if there were measures to obfuscate the data, such as encryption.
Are there areas where my data is not covered by GDPR?
Yes. Your data is not covered when it is used for purposes that include national security, statistical analysis and employment relationships (due to a law already governing such relations), among others.
EU beefs up data protection
03:01
This browser does not support the video element.
Who has to comply?
Entities located in the EU.
Entities providing goods or services to EU residents.
Entities monitoring the behavior of EU residents.
Who ensures compliance?
Data Protection Authorities, which are independent public authorities, are tasked with overseeing and investigation the application of data protection laws in the EU. Each EU member state will have one.
What happens after Brexit?
Prime Minister Theresa May's government has vowed to make GDPR part of British law. The law could technically be changed in the future, although it is unlikely. Even in such cases, British companies and organizations would likely continue adhering to GDPR in order to guarantee unhindered access to EU markets.
