An attendee uses a mobile phone whilst looking at his laptop computer screen in the TechCrunch Disrupt London 2015 Hackathon in London, U.K. (Photographer: Luke MacGregor/Bloomberg)

Europe Embraces New Privacy Rules: Check Your Settings

(Bloomberg) -- Hullo, Alex Webb here. I write about European tech for Bloomberg Opinion in London. If you live in Europe, you'll in recent weeks no doubt have been regularly pestered by alerts and messages asking you to review your privacy settings.

It's a product of the European Union's General Data Protection Regulation, which finally takes effect on May 25.

After a few weeks of procrastination, I got around to going over my own settings yesterday. Facebook came first. I counted 12 screens I had to read and approve (or reject — facial recognition? No, thank you).

Complaints about the length of T&Cs are a hoary old chestnut, so I won't go there. Companies are in a bit of a pickle, anyway. The GDPR requires  them to explain how data are used, but also to avoid the legalese we've grown accustomed to hastily skipping through and ignoring ("the request for consent must be given in an intelligible and easily accessible form").

Meanwhile, they also need to protect their businesses — for Facebook, that means selling targeted ads based on your data and it therefore phrases the permissions ambiguously. In the Face Recognition tab, for instance, one stated reason is to "Show personalized content to you and others, like suggesting camera filters that you or your friends might also enjoy."

Ahem. I'm sure it will show personalized content, but that content is just as likely to be an ad as it is a filter, and it's disingenuous to imply otherwise.

If you haven't reviewed the new guidelines before GDPR kicks in, the odds are you'll be prevented from using the respective offerings of Facebook, Google or Twitter (the latter three are yet to pester me at length) until you've done so. Don't expect them to delete your data, though.

This is where some of GDPR's gray areas come in. Article 17 is known as the Right to be Forgotten. But that doesn't mean a given company will automatically wipe your data from its servers if you don't sign off on the new settings. You must instead actively ask for it to be deleted. And there are plenty of get-out clauses for why some might otherwise need to retain data (for example, credit agencies or insurers).

There remain plenty who are not yet GDPR compliant. But I doubt regulators will start cracking the whip straight out of the gate (the top fine is up to 20 million euros or 4 percent of global revenue, whichever is higher). 

You can instead expect some of the most egregious to be targeted in test cases, and that will be the main corporate concern: to do just about enough to ensure that the European Union doesn't make an example of your company, as it has done with Apple's Irish tax bill and Google's fine for skewing shopping search results. 

The EU's new privacy chief has already indicated she has Facebook in her sights, but I remain unconvinced that data-dependent companies are doing anything more than following the letter of the law, rather than its spirit.

In essence, very little has changed. It might be easier for you to get advertising companies like Google and Facebook to delete your data, but it remains your responsibility to ask them to do so. They are not going out of their way to make life easier for you.

I know the temptation will be simply to click “accept, accept, accept,” and carry on with your day, but we're being afforded an opportunity to wrest back some control of how our data is exploited. I implore you to use it.

This article also ran in Bloomberg Technology’s Fully Charged newsletter. Sign up here.

And here’s what you need to know in global technology news

The story behind Seattle’s Amazon tax. The dam bursts on pent-up frustration over trying to balance the city’s growing pains with the desire to attract new jobs. Listen to the Decrypted podcast

Another day, another round of defections from Tesla. Two executives from the energy side of the business depart

Apple’s changing investor base. Warren Buffett might be buying the iPhone maker’s shares, but institutional investors are cutting their holdings by the most in at least a decade. 

Thank you, may I have another $100 billion? After Masayoshi Son said he’s looking to start a second Vision Fund, we report on how much. The number won’t surprise anyone. 

To contact the author of this story: Alex Webb in London at

©2018 Bloomberg L.P.