2018 is already deep in the internet era. Everybody owns at least a mobile device able to connect to the internet. But not everybody is aware of the dangers of the web. Europe uses new regulations and laws under GDPR in order to protect its citizens from companies and third parties maliciously using their data, harvested during their stay in their respective websites.
With every click we perform in our browsers, the sites are collecting our personal data, mostly for advertising purposes. If, for example, we use a website to purchase a pair of shoes, cookies are saved and the next time we open a website we might see more products of the same brand, or products close to it as ads.
In an essence, websites save our preferences and interests and present us accordingly with adds, provided by other websites.
The General Data Protection Regulation (GDPR) is not a recent concept. The idea was conceived in 1995, although the materialization of it only began recently. A great number of meetings was required in order for the approval and adoption of the program. Finally, the regulation was published in the EU Official Journal in May 2016, giving websites and companies a 2 year post-adoption grace period.
Europe’s GDPR has some key changes that affect every website accessible by European citizens:
- Increased Territorial Scope (extra-territorial applicability)
GDPR applies to all companies processing the personal data of data subjects residing in Europe. This means that no matter where the website is located globally, it will have to comply with the GDPR regulations in order to have Europe’s citizens as customers.
In case a website processes personal information without the subject’s consent, Europe is eligible to fine the website up to 4% of its annual global turnover, or €20 million, whichever is greater. This measure ensures small companies will have to adapt to the new set of rules if they want to keep running, while big companies will take a big hit.
The websites will have to inform the viewer as clear as possible that his data will be processed, with the purpose of data processing attached to that consent. It must also be as easy to withdraw consent as it is to give it.
The changes that will be visible to the users are mostly changes in Terms of Service from the website they are using. Nonetheless, everyone should be also aware that according to the new regulations, they can be in charge of their own data. That means they will know and acknowledge which of their data are being processed, by what companies, and for what reason. They will also be able to withdraw their consent if they choose to, and the website will have to return the data and stop using them.
Although GDPR is seen as a positive change by most users, it has not been yet fully functional. We have already seen many “Terms of Service” changes, but there are tons more to come until EU’s deadline at 25 May 2018.
GDPR has the potential to change the web as we know it, all that we have to do is wait for it.