GDPR and Data Protection: Is this the Future?

Perhaps you’ve noticed that websites have begun noticing websites asking for your permission to collect data or to approve of their cookies policy. Last year, the 28-member nations of the European Union passed the General Data Protection Regulation or GDPR. So far, the new data protection regulation has successfully regulated the way businesses collect, keep, and use data collected from Internet users. Will the success of the GDPR in Europe lead to its international adoption of an international data protection law?

Changing Tides

More and more Internet users are conscious of how companies access, collect, and process personal and consumer data. With the growing use of behavioral advertisements and targeted ads, consumers are starting to worry about how much of their personal data is being collected. This has prompted lawmakers around the world to pass consumer protection laws and regulate companies and advertisers who use third-party trackers to collect useful consumer and personal data from Internet users. With the success of the GDPR in Europe, the future of online consumer protection may shift from national to international law.

What is the GDPR?

In the nutshell, the new data privacy laws in the EU helps consumers control the amount and type of personal data companies can collect from them. Consumers are asked to provide explicit consent for personal and sensitive data collected from them by companies. The GDPR also gives them data portability which means that consumers have the right to use the same personal data across a variety of services. Moreover, the GDPR has granted users the right to erasure, which basically mean companies can no longer store data collected when consumers opt out of their service. The law also protects consumers’ rights to be informed in the event of a data breach. Overall, the GDPR is imposed on all companies doing business online in Europe.

Impact of the GDPR

Unlike other data protection laws, the GDPR provides uniform protection across national borders. For companies that rely on data collection like Google and Facebook, the purpose limitation statutes of the GDPR has put barriers not only to the amount of data companies can collect from users but also what type of data they are allowed to collect. Without legitimate, clearly-stated purpose, online companies like Google and Facebook cannot collect personal or consumer data from their users. What’s more, the days when companies only provided broad, non-specific consent waivers is over. The GDPR requires companies to provide their users with access to their entire cookies and privacy policy. Now, companies like Apple, Facebook, and Google have updated their privacy policies, their user control setting and privacy options for their customers in Europe. The main question here is, Is the U.S. and the rest of the world going to do the same?

International Privacy Protection Laws

Since many of the companies affected by the GDPR operate internationally, some companies have taken the initiative to offer the same type of privacy protection to users outside the EU such as the United States. However, the success of the GDPR since its implementation last year has inspired other countries and some states to pass their own versions of stricter Internet privacy laws.
Both Brazil and India have taken steps to revise their country’s data privacy law and personal data protection laws. In August last year, Brazil passed its General Data Privacy Law that protects Brazilian citizens from abuse and misuse of consumer data. Companies who collect data from Brazilian citizens regardless of where the data is collected now have to comply with the new law.
Likewise, the California Privacy Act comes into effect a year from now and its provisions are similar to the GDPR. Under the new act, Californians now have the right to access all the data collected, stored, and shared to third party users. More importantly, the state now has the right to penalize companies that misuse and do not have adequate protection for user data.

How it affects you?

The GDPR does not apply to the United States but its presence has an impact on American consumers and companies. Large, multinational companies like Facebook, Amazon, and Apple prepare for the possible spread of national data privacy laws around the world. You may start to wonder why companies are filling your inbox with their revised privacy policy emails and see data privacy consent prompts on almost every website you visit for the first time. The bottom line is companies have learned with their experience in Europe and are now taking precaution for their users in the U.S. in the light of possible U.S. data privacy laws. Twitter, Amazon, Apple, and Google are now applying the same privacy and consumer protection to consumers outside Europe. This means that as a possible global adoption of GDPR may be inevitable, measures to keep your personal data have already been implemented.