The GDPR: The Future of Data Protection?
If you use the internet, you might have come across the GDPR. So what is it, and why does it matter? GDPR stands for General Data Protection Regulation, and it’s basically a European Union (EU) internet law. It went into effect on May 25, 2018. [1] The goal of the GDPR is to give EU citizens more power over their personal data and to make sure that businesses that operate online are transparent in how they use people’s data.
Why is the GDPR important?
An important requirement of the GDPR is that businesses obtain explicit consent from users before collecting their data. [2] This means that if a person visits a website and the website wants to collect information like an email address or name, the GDPR requires that the website ask for permission first. According to the text of the GDPR, this consent must be specific, informed and freely given. This essentially means a person can’t be forced to give consent in order to access a business’s website. [3]
Right to be Forgotten
Another important part of the GDPR is commonly known as the “right to be forgotten”. This rule essentially means that EU citizens can request that businesses with an online presence delete their personal data if they no longer want it to be stored or used by the business. This is important when it comes to social media, where many users may want to remove online content that they posted before but now want gone. [4]
Right to Personal Data Usage
The GDPR also gives EU citizens the right to know how their own personal data is being used. This means that businesses have to be transparent about their data collection practices online. Furthermore, businesses must provide users with a copy of their personal data upon request. [1]
Why does the GDPR matter for the world?
While the GDPR is a European law, it affects businesses around the world. The reason is that the GDPR applies to any business that has connections to EU citizens. Essentially, the GDPR applies to any business that collects, uses or stores personal data of EU citizens, regardless of where the business is located, incorporated, etc. This has led many businesses to update their privacy policies and data protection practices to comply with the GDPR even if they don’t have strong connections to the EU.
Can it work in the USA?
The possibility of GDPR-like legislation in the United States is a topic of ongoing discussion and debate. The European Union has set a global standard for data privacy, and the protection the GDPR provides is progressive and groundbreaking. These days, there have been calls for similar legislation in the US, especially since there has been a series of high-profile data breaches and overall concern about the collection and use of personal data by big tech companies. While some states have implemented their own data privacy laws, federally there hasn’t been much going on. There have been some proposals, but none have been made law yet. [5] However, looking at the growing public concern over data privacy and security, it seems possible that we may see federal legislation in the future that is similar in scope and impact to the GDPR.
References:
[1] European Union. (2018). General Data Protection Regulation (GDPR). Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/oj
[2] GDPR.eu. (n.d.). GDPR Summary. Retrieved from https://gdpr.eu/what-is-gdpr/
[3] Lindberg, J., & Lerner, J. (2018). The GDPR: What it Means for US Companies. Harvard Business Review. Retrieved from https://hbr.org/2018/05/the-gdpr-what-it-means-for-us-companies
[4] Purcell, S. (2019). GDPR: One Year Later. Forbes. Retrieved from https://www.forbes.com/sites/simonpurcell/2019/05/22/gdpr-one-year-later/?sh=1f7c4dd079f4
[5] Duball, J. (2023). US House lawmakers keep federal privacy legislation top of mind. Retrieved April 2, 2023, from https://iapp.org/news/a/us-house-lawmakers-keep-federal-privacy-legislation-top-of-mind/