Europe Embraces New Privacy Rules: Check Your Settings
It's a product of the European Union's General Data Protection Regulation, which finally takes effect on May 25.
After a few weeks of procrastination, I got around to going over my own settings yesterday. Facebook came first. I counted 12 screens I had to read and approve (or reject — facial recognition? No, thank you).
Complaints about the length of T&Cs are a hoary old chestnut, so I won't go there. Companies are in a bit of a pickle, anyway. The GDPR requires them to explain how data are used, but also to avoid the legalese we've grown accustomed to hastily skipping through and ignoring ("the request for consent must be given in an intelligible and easily accessible form").
Meanwhile, they also need to protect their businesses — for Facebook, that means selling targeted ads based on your data and it therefore phrases the permissions ambiguously. In the Face Recognition tab, for instance, one stated reason is to "Show personalized content to you and others, like suggesting camera filters that you or your friends might also enjoy."
Ahem. I'm sure it will show personalized content, but that content is just as likely to be an ad as it is a filter, and it's disingenuous to imply otherwise.
If you haven't reviewed the new guidelines before GDPR kicks in, the odds are you'll be prevented from using the respective offerings of Facebook, Google or Twitter (the latter three are yet to pester me at length) until you've done so. Don't expect them to delete your data, though.
This is where some of GDPR's gray areas come in. Article 17 is known as the Right to be Forgotten. But that doesn't mean a given company will automatically wipe your data from its servers if you don't sign off on the new settings. You must instead actively ask for it to be deleted. And there are plenty of get-out clauses for why some might otherwise need to retain data (for example, credit agencies or insurers).
There remain plenty who are not yet GDPR compliant. But I doubt regulators will start cracking the whip straight out of the gate (the top fine is up to 20 million euros or 4 percent of global revenue, whichever is higher).
You can instead expect some of the most egregious to be targeted in test cases, and that will be the main corporate concern: to do just about enough to ensure that the European Union doesn't make an example of your company, as it has done with Apple's Irish tax bill and Google's fine for skewing shopping search results.
In essence, very little has changed. It might be easier for you to get advertising companies like Google and Facebook to delete your data, but it remains your responsibility to ask them to do so. They are not going out of their way to make life easier for you.
I know the temptation will be simply to click “accept, accept, accept,” and carry on with your day, but we're being afforded an opportunity to wrest back some control of how our data is exploited. I implore you to use it.
This article also ran in Bloomberg Technology’s Fully Charged newsletter. Sign up here.
And here’s what you need to know in global technology news
Another day, another round of defections from Tesla. Two executives from the energy side of the business depart.
Thank you, may I have another $100 billion? After Masayoshi Son said he’s looking to start a second Vision Fund, we report on how much. The number won’t surprise anyone.
©2018 Bloomberg L.P.