Yesterday, the European Union passed a massive data protection overhaul, with new privacy rules to be enacted in April 2018. These “major reforms” will replace the existing laws, which were created in 1995 and did not adequately cover technological advances since then. The new reforms include two main components: The General Data Protection Regulation (GDPR) and the Data Protection Directive.
General Data Protection Regulation (GDPR)
This legislation is designed to offer citizens of the EU better control over their personal data. The GDPR aims to improve privacy protections for citizens, as well as offer benefits to businesses. It includes the following elements:
- More information on how citizens’ personal data is “processed”
- Data protection “by default” and “by design” in products and services
- “Privacy-friendly” default settings, for things like apps
- Portable personal data
- Clarification on Right to be Forgotten
- User consent for businesses to use data; data cannot be transferred without permission
- Stronger enforcement, including “data protection authorities” and fines for companies that don’t comply
- Reduced confusion with the new, single rule (as opposed to 28 differing rules)
These new rules will give users back the right to decide on their own private data.
– Jan Philipp Albrecht
Data Protection Directive
This directive outlines how personal data can be used by law enforcement in the EU, and how this data is used within the criminal justice system. It aims to:
- Protect citizen right to data protection in situations involving law enforcement and crime
- Permit authorities to exchange information “efficiently and effectively”
- “Prevent crime under conditions of legal certainty, fully in line with the Charter of Fundamental Rights”
This overhaul isa huge step forward, and major effort to amend outdated legislation in the EU surrounding data and online privacy. In many ways it includes positive protections, giving users control and visibility into data usage. The Guardian describes these rules as “groundbreaking.”
This news is also made more complex by the fact another law was approved in the EU yesterday, which will impose huge privacy violations by allowing massive data sharing for all people traveling in and out of the EU. We’ll be covering that law next week, so be sure to check our our blog again then!
Sources: Ars Technica, Access Now, Guardian