“I open yogurt in the morning, and from there:” We updated the rules for collecting personal data. ”
— Tim Walters (@tim_walters) 25 May 2018
The fact is that on May 25, the updated law on personal data, known as the General Data Protection Regulation (GDPR), entered into force in the European Union . It will also apply to all Russian users and companies that use European services.
The entry into force of the law caused widespread discussion in social networks, and sites that had not yet updated the internal rules were not available.
The new law applies to Russians
The GDPR applies to all companies that process the data of citizens and EU residents. Where such services are located, it does not matter, so the rules apply to a part of Russian business. Speech, for example, is about online stores that sell services and goods to at least one EU resident .
Although Russia is not part of the European Union, Russians will be affected by new rules on their arrival in any of the 28 countries. Norms apply not only to individual travelers, but also to those who book tours – travel companies also collect personal data.
The law on personal data gave more rights to manage their information
The previous directive on data protection was adopted in the EU in 1995, but according to it the authorities of individual countries had to implement their by-laws and sometimes received unprecedented opportunities. In addition, for 23 years the directive has become obsolete, and the number of violations of the protection of personal data has obviously increased significantly.
The new regulation 2016/679 ” On the Protection of Individuals in the Processing of Personal Data and the Free Circulation of Such Data “, adopted after a four-year discussion , required that the global Internet sites update the domestic policy.
Most importantly, the services should not describe, in a simple and understandable language, what kind of data they collect and for what purposes, and also do not hide the form of the agreement.
Users have got a lot of new opportunities to control the data that they transmit.
- Request confirmation of the processing of personal data, as well as find out – what service it collects, for whom, who from third parties has access to them and how long the processing will last;
- Give consent to the processing of personal data in a new, more explicit and intelligible form. The user must have a choice and the right to withdraw consent without prejudice to himself;
- Request the transfer of data from one company to another so that they do not re-enter them on different sites (for example, to copy preferences, history and playlists);
- Require to stop processing data at any time;
- Explain to your child that the new age threshold is 16 years. If the child is younger, he must obtain prior to registration the consent of the parents or legal representatives.
Google and Facebook immediately ran into complaints
If the company does not fulfill this or that norm, it faces a fine of 2-4% of the company’s turnover or tens of millions of euros. For example, services will not be able to collect data on political views, religion, health, sexual orientation, or race or ethnicity.
Already on the first day of the law Austrian lawyer Max Schrems filed complaints against the branches of Facebook, Google (in France) Instagram (in Belgium) and WhatsApp (in Germany) on behalf of the non-profit organization “None of Your Business”. Шремс has declared, that соцсеть Mark Zuckerberg has blocked some accounts of users who have disagreed with the new law. In his opinion, the choice between agreeing and removing the profile “is more like not freedom, but the election process in North Korea.”
On the first day, many sites stopped working
Although the entry into force of the law did not become a surprise, many US media outlets did not bother to change the policy even at the last minute. For Europeans ,Los Angeles Times, New York Daily News, Chicago Tribune, Mashable, Orlando Sentinel and Baltimore Sun are not available.
It looks like all Tronc newspapers like the LA Times and Chicago Tribune are GDPR non-compliant, so all traffic from Europe is hitting this wall pic.twitter.com/vTuy902DZv
— Jon Passantino (@passantino) 25 May 2018
Readers, for example, USA Today noted that the GDPR-compatible versions of some news sites have become even more convenient – without advertising and self-reproducing videos.
The GDPR-compliant version of the USA Today website is so much better than the normal version it’s unreal. Ad free, no autoplaying video, crisp clean design. pic.twitter.com/Cs4vRjgfJC
— alex hern (@alexhern) 25 May 2018
In social networks reported that the problems affected and many other services, including those related to crypto-currencies . In Twitter , they complained that they can not follow the link from the e-mail to the page with the new law on personal data.
Service users are tired of notifications of a new law
Since May 25 is the last date for the adoption of new rules for the collection of personal data by the services, today there is a peak in the number of notifications and discussions.
Most of all, criticism is directed against similar in all letters about the entry into force of the data protection regulations that have flooded e-mail. Basically, the Russians learned about the GDPR, when they saw the notification when they visited the sites, but they also touched it.
GDPR: We don’t want advertisers using your info to follow you around and spam your inbox.
MY INBOX: 1,731 spammy emails about GDPR.
— Brian Cristiano (@boldceo) 25 May 2018
“GDPR: We do not want advertisers to use your data to spy on you and spam in your mail” // My Mail: 1731 spam letters about the GDPR ”
*Opens front door*
— Jack Mull (@J4CKMULL) 24 May 2018
А ваш утюг тоже обновил политику конфиденциальности?
— Конспект Один- (@adzinota) 25 May 2018
— Pablo Elizalde (@EliGP) 25 May 2018