Coming to terms with new cyberlaw
Chinese businesses must square their policies with EU’s latest, and sometimes vague, regulations
Has your inbox just been deluged with emails from organizations you can barely recall, desperately begging you to stay in touch? Join the club. The cyberstorm was all to do with the coming into force on March 25 of the European Union’s General Data Protection Regulation, which is intended to reinforce online privacy.
The law contains 99 articles and is thousands of words long. So it is a fair bet that, just like the privacy terms we all have to tick off when we sign up to an online service, almost no one has actually read it.
Lawyers are among the few who might actually see a benefit from the uncertainties raised by the new regulations. They have been trawling through the fine print to determine, for example, how far Europe’s GDPR differs from China’s 2017 Cybersecurity Law and, if so, what that means for online service providers and retailers.
In a nutshell, the new EU privacy regime requires companies and organizations to ask explicitly if they may collect your data and also allow you to delete any information they collect on you.
The trouble is that the new terms are even longer than the old ones, which no one bothered to read anyway.
A decade ago — about a century in cybertime — a US study concluded that “privacy policies are hard to read … and do not support rational decision making”. The authors found it would take the average user around 40 minutes a day just to keep up with privacy policies.
The European GDPR pulls together a bunch of privacy regulations that had sprouted alongside the growth of internet use.
The new rules were spelled out two years ago. By coincidence, however, they have come into force at a time when a series of scandals have exposed the extent to which big online companies mine data from users to make their huge profits.
That, in turn, has been linked to accusations that data has also been exploited to manipulate the outcome of elections in the West, from the US vote for Donald Trump to the Brexit vote in Britain.
Facebook CEO Mark Zuckerberg had to spend an uncomfortable few hours being grilled by the US Congress on alleged misuse of data, while in the UK an advocacy group said it planned to sue Google for $4.3 billion for undeclared data gathering.
Social media users who for years had been posting nothing more damaging than cat photos online were suddenly horrified at the idea that Big Brother was watching them. Some decided to cancel their accounts in a vain attempt to scrub their online identities.
Rather than embracing the protections offered by the GDPR, the anecdotal evidence is