WHEN Twitter recently asked me to update my terms of service, I did what any responsible grumpy old git would do – I accepted the new terms without reading them so I could get back to the next hand of poker. But when Facebook, Ryanair, Uber, PayPal, Linea Directa and basically every company I had an app for, or that I did stuff with, all started notifying me, with similar urgent language, I began to grow suspicious. And I wasn’t alone.
My Mrs expressed her annoyance, and I am sure I am not the only one that wants to know: WHY? While a call for better data protection, in the light of Cambridge Analytica, is a good, albeit naïve guess (did you really think any sites would fix their shady practices THAT quickly?), the answer traces back to a decision made two years ago by the European Union.
In April 2016, after four years of debate, the European Parliament voted to approve a law called the ‘General Data Protection Regulation.’ The law went into effect on May 25, 2018, which is why you’ve been flooded with notifications. Organisations that are non-compliant risk fines of up to 4 per cent of their annual global turnover, or up to €20 million.
All of the reforms going into effect are designed to help us punters gain a greater level of control over our data, while offering more transparency through data collection. Here in layman’s terms are a few that caught my eye:
1. Obtaining consent – the terms of consent must be clear. This means companies can’t stuff their terms and conditions with complex language designed to confuse their users. Consent must be easily given and freely withdrawn at any time.
2. Timely Breach Notification – if a security breach occurs, companies have 72 hours to report the data breach to both their customers and any data controllers if their company is large enough to require a GDPR data controller. Failure to report breaches within this timeframe will lead to fines.
3. Right to be Forgotten – also known as the right to data deletion. Once the original purpose or use of their customers’ data has been realised, their customers have the right to request that they totally erase their personal data.
OK, so by now you have got bored with reading all this stuff, as I have, and will just sign it all anyway. Oh and by the way, included in all this you will be giving all your email suppliers – AOL, Yahoo, Gmail etc. – permission to read all your emails! Good luck with it all!