What Is the GDPR? The EU’s Online Privacy Law: Explained

Privacy wonks won't shut up about 'GDPR,' and it's worth learning why

As soon as Facebook’s data abuse scandal broke, questions of legality and regulation quickly came into focus. Most notably, the scandal found itself at odds with a piece of legislation in the European Union (EU) called the General Data Protection Regulation (GDPR), which plenty of Americans were hearing about for the first time.

Even though Facebook is a company based in the U.S., due to the nature of the internet, regulations like GDPR have far-reaching consequences for individuals and companies all around the world. Facebook may have gone to D.C., but GDPR is what it should really be afraid of.

Based in the EU, active worldwide

The GDPR is a landmark piece of legislation in the EU that enshrines stronger data protection and digital privacy laws for EU citizens. Replacing the 1995 Data Protection Directive, the GDPR is an attempt to give internet users more of a say in how their data is used and mandates companies to adhere to strict guidelines on how it is collected, stored, and leveraged. Slated to come into law on May 25 2018, it stands to make a dramatic impact on a variety of international companies and services.

The GDPR is an attempt to give people a say in how their data is used and mandates strict guidelines on how companies collect, store, and leverage it.

Although the GDPR has had its critics, there’s no stopping it now. It was adopted in 2016 and is now set to be implemented and enforceable after a two-year transition period, most recently showing its teeth in the Facebook data abuse case. Even more important in the case of that social network though, is that its data-processing center is in Ireland, making anyone outside of the U.S. and Canada legally covered by the new legislation.

Facebook itself may go even further than that though. During a recent hearing with the House committee, Facebook CEO Mark Zuckerberg said (mostly) clearly that the plan was to extend all new rights under the GDPR to all Facebook users. That would include those within the U.S. and Canada too. That could mean data handling parity and additional privacy tools for American Facebook users.

In turn, that could mean big things for entities like Cambridge Analytica, which make a point of operating in international grey areas. The fact that similar organizations collect data through social networks using their own APIs, could leave those networks vulnerable to the new legislation in turn and may lead to a further crackdown on such practices.

mark zuckerberg testimony header
Bill Clark/Getty Images

While all of this may seem a little complicated at first glance, the GDPR’s main purpose is to update international data protection laws for the 21st century. As it stands, countries are bound by laws created in the 1990s with individual EU countries all having their own privacy laws and mandates. Where the 1995 Data Protection Directive allowed for such nuance in different countries, the GDPR is a regulation, which means it is a hard law, not a minimum requirement. The GDPR will attempt to unify Europe’s digital data regulations under one banner to make operating within those countries as a data collector or processor more uniform.

Protections for the individual

Although the GDPR is likely to have the biggest day-to-day impact on the operations of corporations and online businesses, its main purpose is to protect internet users themselves. As part of the GDPR’s implementation, EU citizens will have a number of new powerful rights when it comes to their online information. That data can be as public as their name, or as personal as their medical information. If a company or other online entity collects it or processed that information in any capacity, they are bound to protect it and offer a number of services to the person that data is about.

If a company or other online entity collects it or processed that information in any capacity, they are bound to protect it and offer a number of services to the person that data is about.

The first of these new online rights for EU citizens is a right to be informed about what data is being collected, how it’s being used, and how long it will be retained for. That should mean sites like Facebook have far more in-depth privacy policies and will need to update them regularly as new data uses are employed. Companies may still be able to collect and store data, but not leverage it in any way.

Perhaps the most important power the GDPR gives EU internet users though, is related to the right to objection and “profiling.” Effectively, any website or service which uses personal data for direct marketing or for creating a “profile” of a person for other means, can be requested to cease such operations by the affected user.

what is the gdpr goldman sachs graph

In the case of companies like Google and Facebook, that could mean that users opt out of the very advertising profiling strategies which have made them such mega giants of online advertising. In theory, it could create real problems for their revenue streams — though it’s also possible it could cripple the competition and allow them to consolidate dominant positions.

The big caveat to all of these changes and improvements to online privacy, is that legally, they only extend to EU citizens. However, as with the case of Facebook, it may be that companies wanting to not get caught out by the legislation simply extend the additional rights to all users globally. There is no guarantee of that, but with Facebook leading the way, it’s certainly a possibility.

It is of real importance that organizations take these new regulations seriously, as there are severe sanctions in place should the GDPR be fallen afoul of. While there are low-level sanctions such as a written warning for first-offenses or non-intentional noncompliance, regular data protection audits can follow — and from there the repercussions become steep. Fines of between 20 million euros ($25 million) and four percent of a company’s annual worldwide turnover, whichever is higher are possible, though lesser fines of $10 million or two percent of annual turnover could be applied in other cases.


All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…
Movies & TV

How to watch NFL games online, with or without cable

The NFL's 2018 season is here, and we know you don't want to miss a moment of the action. Our comprehensive streaming guide will show you all the best options to watch the games online so you can make the right choice.
Home Theater

From the Roku Ultra to the Fire TV Cube, these are the best streaming devices

There are more options for media streamers than ever, so it’s more difficult to pick the best option. But that’s why we're here. Our curated list of the best streaming devices will get you online in no time.

Recover your beloved data with these great software tools

The best data recovery software isn't always free, but whether you've lost files on a hard drive, SD card, or even physical media like CDs and DVDs, there's a chance they'll be able to get that data back.
Emerging Tech

Intel’s new ‘neural network on a stick’ aims to unchain A.I. from the internet

To kick off its first developer conference in Beijing, Intel unveiled the second generation of its Neural Compute Stick -- a device that promises to democratize the development of computer vision A.I. applications.

Convert your PDFs into convenient Word documents

PDF files are great, but few document types are as malleable as those specific to Microsoft Word. Here's how to convert a PDF file into a Word document, whether you prefer to use Adobe's software suite or a freemium alternative.
Product Review

If the Surface Studio 2 can't win over Mac fans, nothing can

Most creative professionals are staunchly planted in the Apple camp, but with the Surface Studio 2, Microsoft is making a serious attempt to win them over. Despite its niche appeal, you’ll wish you had a few grand to drop on this beauty.

These laptop makers produce the most reliable, quality hardware today

If you want to buy your next laptop based around a specific brand, it helps to know which the best brands of laptops are. This list will give you a good grounding in the most reliable, quality laptop manufacturers today.

Here are the best laptop deals for November 2018

Whether you've started a new school year, are shopping for a student, or you just need a new computer, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.

If the speed of AMD’s Radeon RX 590 doesn’t entice you, the game bundle will

AMD's Radeon RX 590 is a new video card that targets 1080p gaming at maximum detail. Starting at $280, it fills a gap between the Radeon RX 580 and the more expensive Radeon RX Vega. AMD says the new RX 590 can beat Nvidia's GTX 1060 Ti.

Microsoft Surface Studio 2: Everything you need to know

Microsoft's Surface Studio 2 comes with a new CPU, new graphics card, and a brighter display -- but is all of that worth the higher cost? Here's everything you need to know about the Surface Studio 2.

Want to use one drive between a Mac and Windows PC? Partitions are your best bet

Compatibility issues between Microsoft Windows and Apple Mac OS X may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.

Microsoft turns on the lights with a new white theme in Windows 10 update

Microsoft is introducing a new light theme in the upcoming version of Windows 10 and is currently beta testing the change with Windows Insiders. The clean-looking theme brings a much-needed facelift to Windows.

Four Andromeda-related Microsoft patents hint at new ways to use the device

Andromeda might be getting even more real as four Microsoft patents have surfaced recently, all of which hint at possible new use cases and other new configurations for the device.