Finance

Facebook and Google accused of GDPR 'forced consent'

Facebook and Google accused of GDPR 'forced consent'

European regulators have in the past taken a tough stance of big tech companies not playing by the rules. And if they do that it specifies that "all account information and saved page data is deleted from the Instapaper service immediately" (though it also cautions that "deleted data may persist in backups and logs until they are deleted").

In addition to attempting to reduce the amount of information collected, GDPR will also govern how companies share that data with third parties. The law requires companies to obtain explicit consent for all services without getting them to click a single "I accept" button for a blank approval for using personal data.

GDPR gives users the right to be forgotten which in simple terms means that they can request businesses to erase any personal data they have.

The announcement comes just before Europe's General Data Protection Regulation, or GDPR, goes into effect May 25.

It outlines clear rules about how European Union citizens' data can be used by internet companies. "Enforcing its laws, Russian Federation has banned access to LinkedIn since 2016 and threatens to block Facebook in 2018 unless it agrees to comply with the data localisation laws".

Companies that did send out emails asking for renewed consent might find themselves in a tricky situation now, said Aaron Tantleff, privacy lawyer at Foley & Lardner. Google is embedding video (from its YouTube service, of course) to further explain the concepts.

Even where you have agreed to allow a company to store your personal data, that data must be stored in either an anonymized or encrypted form. Some are obvious, such as to fulfill contractual obligations - for instance, when an insurer pays out a claim.

If someone in the European Union wants a company in Jamaica to delete his or her data, send copies of the data, or correct an error, the local companies have to comply or risk a hefty fine. It also states that users can already access "all your personally identifiable information that we collect online and maintain", as well as saying people can "correct factual errors in your personally identifiable information by changing or deleting the erroneous information" - which, assuming those statements are true, looks pretty good for complying with portions of GDPR that are meant to give consumers more control over their personal data.

"We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable".

Data controllers will have to immediately notify consumers about the risks and measures taken to mitigate any data breaches, such as changing passwords or cancelling credit cards. Breaches of some provisions of the new rules can result in fines of up to €20 million or 4 percent of a business' total worldwide turnover for the previous year.

Today marks the start of Europe's tough new privacy regime, and despite two years of warning and preparation time, at least two newspaper chains in the US couldn't figure it out. "We build privacy and security into our products from the very earliest stages", Google said in the statement, "and are committed to complying with the EU GDPR".

Note that the rules are different depending on the data in question.

Which Companies Will It Impact?

Facebook has repeatedly said it would offer similar protections to its users outside of the EU.

Some companies are extending at least some EU-style protections to all users.

At UKC and UKH, we have been working hard to make sure our data complies with the new law.

Like many others, Tantleff said "even I got fed up when I receive 152 such consent emails in one day".