Tech­nol­ogy

Tough new Euro­pean data pri­vacy rules should have ben­e­fits here as well.

New Zealand Listener - - CONTENTS - by Peter Grif­fin

Tough new Euro­pean data pri­vacy rules should have ben­e­fits here.

Af­ter weeks of hear­ing about Face­book’s shock­ing data se­cu­rity lapses, you are prob­a­bly won­der­ing whom you can trust with the dig­i­tal de­tails of your life. The an­swer, it seems, is the Euro­pean Union.

On May 25, the 28 EU na­tions will be­gin en­forc­ing sweep­ing new data-pro­tec­tion laws known as the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR). It was en­acted by the Euro­pean Par­lia­ment in 2016, and com­pa­nies that process, store and use the data of people based in the EU have had two years to get their sys­tems in or­der to com­ply with it.

By early June, the sort of reck­less be­hav­iour that re­sulted in the per­sonal de­tails of at least 87 mil­lion Face­book users be­ing given to Bri­tish po­lit­i­cal con­sult­ing firm Cam­bridge An­a­lyt­ica could re­sult in crush­ing fines not just for EU com­pa­nies but for any firm mis­treat­ing the data of people in the EU.

The pro­vi­sions in­clude a re­quire­ment to in­form over­sight author­i­ties and vic­tims of se­ri­ous data breaches within 72 hours of breaches be­ing dis­cov­ered, the right for ser­vice users to be told within 30 days ex­actly what in­for­ma­tion a com­pany has on them and al­low­ing users to down­load their data in a for­mat they can take to a ri­val provider.

The GDPR will tighten the long-winded terms-and-con­di­tions state­ments that most of us click through without read­ing. Com­pa­nies will have to out­line ex­actly what data they are col­lect­ing, min­imise its col­lec­tion and gather in­for­ma­tion only for the pur­poses of pro­vid­ing the in­tended ser­vice. This will limit data-har­vest­ing by com­pa­nies that use weasel words to ex­tract user in­for­ma­tion so ad­verts can be aimed at them.

There will be reg­u­lar au­dits to keep data pro­ces­sors hon­est, and the big play­ers will have to ap­point a data-pro­tec­tion of­fi­cer to over­see data poli­cies and an­swer re­quests for in­for­ma­tion.

The laws have teeth: non-com­pli­ance will be met with fines of up to €20 mil­lion or 4% of a com­pany’s turnover, which­ever is larger. This is the strong­est mea­sure to check the power of Big Tech to date.

The US has ac­cepted a lais­sez­faire ap­proach to data pro­tec­tion and reg­u­la­tion of its tech giants in gen­eral, some­thing un­likely to change un­der Pres­i­dent Don­ald Trump.

Not so Brus­sels, which in the past few years has slapped a US$2.7 bil­lion fine on Google for an­ti­com­pet­i­tive be­hav­iour, in­tro­duced a “right to be for­got­ten” law that lets EU cit­i­zens have search-en­gine re­sults about them erased and pro­posed in­creas­ing the taxes paid by tech giants in the EU.

Although the laws are aimed at pro­tect­ing EU cit­i­zens, we will ben­e­fit by de­fault. Al­ready, Ap­ple has rolled out new pri­vacy fea­tures to be­come GDPR-com­pli­ant. Face­book’s Mark Zucker­berg, who has been un­der pres­sure since the data scan­dal came to light, said changes ap­plied to EU users would take ef­fect glob­ally. Many other com­pa­nies will be ask­ing you over the next cou­ple of months to read their up­dated data pri­vacy poli­cies. Take a mo­ment to do so.

The GDPR’s reach will ex­tend to New Zealand com­pa­nies with cus­tomers in the EU, such as ac­count­ing soft­ware provider Xero and Air New Zealand. The laws will also ap­ply in post-Brexit Bri­tain. The com­pli­ance costs will be sig­nif­i­cant and the com­plex­i­ties of how data is pro­cessed and stored will gen­er­ate plenty of busi­ness for lawyers and IT con­sul­tants.

But the tim­ing of the GDPR’s ar­rival is un­canny. Face­book’s woes are a cat­a­lyst for change. The EU has the man­date to act, and New Zealand pri­vacy leg­is­la­tion is be­fore Par­lia­ment for an over­haul, with pro­vi­sions such as data breach no­ti­fi­ca­tions on the cards here too.

Fi­nally, enough of us are wak­ing up to the im­pli­ca­tions for our pri­vate lives and democ­racy of the big-data swin­dle. GDPR should be a spur to bet­ter be­hav­iour and greater trust world­wide when it comes to safe­guard­ing our data.

Mark Zucker­berg: EU changes will be global.

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.