The European Union has adopted a new law on data protection: the General Data Protection Regulation, commonly referred to as the GDPR. It comes into force this Friday in the EU's 28 member states.
The law changes the rules for companies that collect, store or process large amounts of information about EU citizens and requires more openness about what data they hold and who they share it with.
That means you, Facebook.
It also means that any company with a digital presence in the EU (which still includes the UK for the time being) must abide by the law or face stiff penalties.
The deadline for compliance has been set since the European Parliament adopted the law in April 201
The GDPR came up several times in April, and it was a major focus on Tuesday, as members of . EU officials said GDPR questions and promised to follow up with answers in writing.
"I think the GDPR will generally be a very positive step for the Internet," Zuckerberg told US lawmakers as he discussed Facebook's plans and the changes coming to the site.
It is not only well-known internet names like Facebook that are affected. Healthcare providers, insurers, banks and other companies that handle sensitive personal information will also need to pay attention.
The GDPR will have a significant impact on our online footprints and on how the apps and services we use protect and exploit them. Here's what you need to know.
What is the GDPR?
The General Data Protection Regulation is a comprehensive law that gives residents of the European Union more control over their personal data and seeks to clarify rules and responsibilities for online services with European users. It replaces the previous EU data protection law of 1995 and dramatically changes the existing conventions.
The regulation broadens the scope of what companies must treat as personal data and requires them to keep close track of the data they have stored about EU citizens. If someone in the EU wants a company to erase their data, send copies of the data, or correct an error in the data, the company has to comply.
The law goes further. EU citizens can now object to specific ways companies use their data and refuse to let a company keep the data once it no longer uses the information for a particular purpose.
The law requires companies to notify users within 72 hours of a data breach, which very few companies currently do. During the Equifax breach, which exposed the personal information of millions of people in the US and beyond, the company kept the attack quiet for weeks while it planned how to handle the damage before informing the public.
How will the EU enforce the GDPR?
Each EU member state will have its own enforcement mechanism, with one supervisory body per country.
Residents can complain to the competent body in their respective country. Companies that violate the law face fines that can be very high. The maximum penalty for a GDPR violation is 20 million euros or 4 percent of a company's worldwide annual turnover from the previous year, whichever is higher.
When does the GDPR come into force?
Friday. The regulation was ratified in 2016, and organizations received a two-year "transposition period" to prepare. That reprieve ends on May 25, 2018, when enforcement takes effect.
Does this law only apply to companies based in the European Union?
Christian Ohde / Getty Images
No, and this is the big international news. The GDPR applies to any organization that collects, processes, manages or stores the data of European citizens. That includes most major online services and companies that handle such data. For this reason, the GDPR effectively sets a new global standard for data protection.
What kind of data does the Data Protection Regulation protect?
The regulation applies to a wide range of personal data, including a person's name and government ID. It also protects information that can reveal a person's activity both online and in the real world. This includes location information, as well as IP addresses, cookies, and other data that companies use to track users as they browse the Internet.
How does this affect Facebook and other social media companies?
That history goes back to 2007 and the company's controversial Beacon advertising program, which transferred user activity to partner sites. And do not forget the user uproar over Facebook and its subsidiary Instagram. The GDPR makes clear that this type of activity is not acceptable.
In his testimony during a joint hearing of the Senate Judiciary and Commerce Committees on April 10, Zuckerberg declared his support "in principle" for a GDPR-like opt-in standard for users before they give up their data, but he did not commit to it, adding that "details matter." (His notes, which he left open during a brief break, contained a warning: "Don't say we already do what GDPR requires.")
How will that affect me, a non-EU citizen?
Facebook, Microsoft, Twitter, Apple and others have offered users outside the European Union some of the additional rights to their data.
But these rights are not legally guaranteed, which means you cannot file a complaint against Microsoft for violating the GDPR if you are not resident in the EU. While you enjoy these rights only as long as a company says you do, it shows that European regulation is changing the way large companies handle user data.
Could the EU punish Facebook for sketchy things it has done in the past?
It doesn't look like it. In an interview with Bloomberg, EU Justice Commissioner Vera Jourova said that the new GDPR rules "are not applicable [to the Cambridge Analytica scandal] since no retroactivity is possible."
How does regulation affect hacks and attacks?
Under the GDPR, companies that have lost control of customer data or have been hacked must notify users within 72 hours. That is one of the rules that carries the maximum penalty. For example, if Facebook were found to be in violation, it could be liable for a fine of $1.6 billion (based on its $40 billion in annual revenue in 2016).
Is there special protection for minors?
The GDPR requires companies and organizations to obtain parental consent to the processing of personal information of children under the age of 16.
Does the US have a legal equivalent to the GDPR?
No. Most states have their own laws governing data breaches and reporting obligations, and most only apply to a limited set of data: social security numbers and health or financial information.
on how public companies should disclose violations and risks.
Californians could vote on a privacy law this year, the California Consumer Information Disclosure and Sale Initiative. It would allow residents to request copies of their data from companies, find out which third parties companies have sold their data to, and ask companies not to sell or share their personal information.
First published on April 4 at 6:00 pm PT.
Updated on April 11 at 13:24 PT: Added Mark Zuckerberg's quotes and other information from his appearances before Congress.
Updated May 24 at 5:00 pm PT: Added more details on the law and its impact outside the EU and on Zuckerberg's appearance before the European Parliament.