What GDPR hath wrought
TAKE ADVANTAGE OF NEW PRIVACY SETTINGS THANKS TO NEW EUROPEAN LAWS.
BACK IN MAY this year, the long awaited General Data Protection Regulation (GDPR) finally took effect. In case you missed the flurry of emails back then, GDPR was a set of strict new privacy rules for companies operating in Europe.
The laws were the most progressive digital privacy rules of anywhere in the world, and they’ve had wide ranging effects on the service offerings of many companies, including many of the biggest players in social media and internet services.
If you haven’t already, it’s a good time to check out the privacy settings of all the online services that you use. A lot more power has been given to users thanks to GDPR, and you may find new options for privacy that weren’t there before.
Below, we’re going to look at what the “big five” have done in response to GDPR, but first we’ll explain just what GDPR is.
WHAT GDPR SAYS
So what does GDPR make companies do? Quite a lot actually, since it’s specifically designed to quell their worst instincts.
At the heart of GDPR is privacy by default, the right to be forgotten, and the power to control your own data. Under GDPR: All privacy settings on new accounts are supposed to be set to maximum by default. Companies cannot share personal data with others without your explicit permission. Companies have to fully disclose what data is being collected and why. Data used for metrics and not directly related to the core activity of the service must be anonymised (such as having names and IP addresses stripped out). Citizens have the right to see any data a company has on them. They also have the right to have that data deleted on request. All affected parties must be notified in the case of a data breach.
BUT ISN’T THIS JUST A EUROPE THING?
Technically, yes. The GDPR only applies to citizens of, and companies operating within the borders of, the European Union — an Australian citizen couldn’t make a claim under GDPR rules.
But, having implemented a whole new set of rules and tools for their European customers, most of the major multinational companies have also rolled out those changes worldwide. So in practice, you will get some of the benefits of GDPR, in the form of new tools and options on your accounts.
There are exceptions. In April, Facebook rather shamelessly moved 1.5 billion user account details out of its data centre in Dublin specifically so those accounts would not be subject to GDPR rules, for example. But by and large, most GDPR changes affect everyone.
SO WHO’S DONE WHAT? APPLE
Apple has a modest privacy upgrade as a result of GDPR, with a new portal and information pages for all users.
If you head to privacy.apple.com and log in with your Apple ID, you’ll see a new page that
Apple built in the wake of GDPR to meet the requirements that you can see, correct and delete personal information the company has stored on you.
On the site you can completely delete your account, which will remove your information from Apple’s servers. It also provides direct link to the Apple ID account page and Online Store settings where you can see and correct your data.
Facebook has taken only a few actions following GDPR, even going so far as moving personal information from data centres in Europe as noted above. Back in May, it did roll out a one-time privacy checkup for users globally, which asked about ad data, personal information and facial recognition, as well as provide an updated privacy statement on its website.
It modified its default settings for young people as well, automatically turning off face recognition and personal identifiers for people under the age of 18.
It also made the privacy settings a little easier to find thanks to a new privacy shortcuts menu, though the range of options hasn’t changed much. Facebook already did actually provide considerable tools to control, delete and manage accounts — it just tended to deliberately bury them so that most people never knew they had those options.
In terms of personal accounts, Google already had quite extensive privacy controls prior to the creation of GDPR. It had already allowed quite fine control over what information it collects, over the user’s right to be forgotten and over the data that Google had stored on you. As a consequence, it didn’t have to do much to be GDPR compliant — though it did create a rather extensive new privacy information page detailing what it does to keep data secure and offer users choice.
GDPR compliance was rather more complicated for its business cloud services, and Google provides comprehensive information on its updated cloud services at cloud.google. com/security/gdpr/.
MICROSOFT
Perhaps no service changed more than Microsoft’s thanks to GDPR. Microsoft had been lagging significantly behind Google when it came to privacy tools, but it caught up thanks to GDPR.
It introduced a new Privacy Dashboard on Microsoft accounts that lets users clear browsing search and location history, as well as voice and media activity. It lets you see health data and product information linked to your account and more. Essentially, it’s a portal into everything Microsoft has on you (which is a lot), and it lets you download it and delete it from the company’s servers. You can see the portal by going to
account.microsoft.com/privacy/ and logging in with your Microsoft account. There’s a lot there now, so take your time.
Just before GDPR was about to come into effect, Twitter rolled out a modest update to its privacy policy as well as tweaked some of its privacy tools. The biggest change was the new Personalization and Data settings that gave you more control over Twitter “personalisation” (ie. targeted ads) and how and whether your data was shared with other companies. It also allowed greater control over photo sharing and how much Twitter tracks you across web sites with embedded Twitter objects. It allows you to download, view and delete your data.
IF YOU HAVEN’T ALREADY, IT’S A GOOD TIME TO CHECK OUT THE PRIVACY SETTINGS OF ALL THE ONLINE SERVICES THAT YOU USE. A LOT MORE POWER HAS BEEN GIVEN TO USERS THANKS TO GDPR, AND YOU MAY FIND NEW OPTIONS FOR PRIVACY THAT WEREN’T THERE BEFORE.