EU pioneers privacy laws
One day we will all be grateful that Europe’s GDPR will claw back our own privacy
In the past two weeks your inbox will probably have been bombarded with e-mails requesting you to agree to new privacy rules about your personal data. It may be the first time you’ve seen the acronym GDPR (General Data Protection Regulation) but it won’t be the last. These EU regulations about how businesses handle personal data are a significant step in regaining control of our data and privacy.
In the face of an unprecedented invasion of our privacy — highlighted by Cambridge Analytica harvesting 87m Facebook users’ data to manipulate the 2016 US presidential elections and the Brexit vote — the EU has emerged as an unlikely hero.
EU functionaries in Brussels have often been accused of being small-minded bureaucrats for a range of seemingly pointless legislation, including on the curvature of a banana.
The EU itself claims talk of its dislike for “bendy bananas” was “the myth to end all myths” and that “straight and bendy [bananas] are not banned by the EU” but, to maintain quality, they must be “free from malformation or abnormal curvature”.
GDPR gives the lie to the Brexit arguments about leaving the EU due to such “meddling”. This legislation alone is worth it — notwithstanding the UK’s access to the world’s largest trading bloc. The privacy regulations came into effect on May 25 and are being taken so seriously because the consequences are so severe for failing to uphold them.
This is a good thing. With net neutrality potentially compromised in the US — despite a symbolic victory last week that attempts to keep the legislation that ensures all traffic is transmitted with equal importance by US Internet service providers — the world needs GDPR to protect online privacy.
The EU can fine offending companies as much as 4% of annual global revenue, a hefty sum for serial privacy-offending Facebook that might be as high as US$1.6bn. Facebook has already moved 1.5bn of its users back to California from its headquarters in Ireland to avoid a potential conflict. So what exactly is GDPR? It “regulates the processing by an individual, a company or an organisation of personal data relating to individuals in the EU”, meaning a foreign company handling an EU citizen’s data could still be sanctioned by it.
Individuals must be notified when data is collected, and told who the company or organisation collecting it is; what purpose it will use it for; “the categories of personal data concerned; the legal justification for processing their data; for how long the data will be kept; who else might receive it; [and] whether their personal data will be transferred to a recipient outside the EU”.
People also “have a right to a copy of the data and other basic rights in the field of data protection”.
Though we will get some protection from GDPR, SA’s own Protection of Personal Information Act legislation is still being enacted. If we had such punitive costs for exploiting our data, SA would be a safe (cyber) place.