Skip to main content

What Is the GDPR? The EU’s Online Privacy Law: Explained

Privacy wonks won't shut up about 'GDPR,' and it's worth learning why

What is GDPR? And why should I care?

As soon as Facebook’s data abuse scandal broke, questions of legality and regulation quickly came into focus. Most notably, the scandal found itself at odds with a piece of legislation in the European Union (EU) called the General Data Protection Regulation (GDPR), which plenty of Americans were hearing about for the first time.

Recommended Videos

Even though Facebook is a company based in the U.S., due to the nature of the internet, regulations like GDPR have far-reaching consequences for individuals and companies all around the world. Facebook may have gone to D.C., but GDPR is what it should really be afraid of.

Based in the EU, active worldwide

The GDPR is a landmark piece of legislation in the EU that enshrines stronger data protection and digital privacy laws for EU citizens. Replacing the 1995 Data Protection Directive, the GDPR is an attempt to give internet users more of a say in how their data is used and mandates companies to adhere to strict guidelines on how it is collected, stored, and leveraged. Slated to come into law on May 25 2018, it stands to make a dramatic impact on a variety of international companies and services.

The GDPR is an attempt to give people a say in how their data is used and mandates strict guidelines on how companies collect, store, and leverage it.

Although the GDPR has had its critics, there’s no stopping it now. It was adopted in 2016 and is now set to be implemented and enforceable after a two-year transition period, most recently showing its teeth in the Facebook data abuse case. Even more important in the case of that social network though, is that its data-processing center is in Ireland, making anyone outside of the U.S. and Canada legally covered by the new legislation.

Facebook itself may go even further than that though. During a recent hearing with the House committee, Facebook CEO Mark Zuckerberg said (mostly) clearly that the plan was to extend all new rights under the GDPR to all Facebook users. That would include those within the U.S. and Canada too. That could mean data handling parity and additional privacy tools for American Facebook users.

In turn, that could mean big things for entities like Cambridge Analytica, which make a point of operating in international grey areas. The fact that similar organizations collect data through social networks using their own APIs, could leave those networks vulnerable to the new legislation in turn and may lead to a further crackdown on such practices.

Bill Clark/Getty Images

While all of this may seem a little complicated at first glance, the GDPR’s main purpose is to update international data protection laws for the 21st century. As it stands, countries are bound by laws created in the 1990s with individual EU countries all having their own privacy laws and mandates. Where the 1995 Data Protection Directive allowed for such nuance in different countries, the GDPR is a regulation, which means it is a hard law, not a minimum requirement. The GDPR will attempt to unify Europe’s digital data regulations under one banner to make operating within those countries as a data collector or processor more uniform.

Protections for the individual

Although the GDPR is likely to have the biggest day-to-day impact on the operations of corporations and online businesses, its main purpose is to protect internet users themselves. As part of the GDPR’s implementation, EU citizens will have a number of new powerful rights when it comes to their online information. That data can be as public as their name, or as personal as their medical information. If a company or other online entity collects it or processed that information in any capacity, they are bound to protect it and offer a number of services to the person that data is about.

If a company or other online entity collects it or processed that information in any capacity, they are bound to protect it and offer a number of services to the person that data is about.

The first of these new online rights for EU citizens is a right to be informed about what data is being collected, how it’s being used, and how long it will be retained for. That should mean sites like Facebook have far more in-depth privacy policies and will need to update them regularly as new data uses are employed. Companies may still be able to collect and store data, but not leverage it in any way.

Perhaps the most important power the GDPR gives EU internet users though, is related to the right to objection and “profiling.” Effectively, any website or service which uses personal data for direct marketing or for creating a “profile” of a person for other means, can be requested to cease such operations by the affected user.

Image used with permission by copyright holder

In the case of companies like Google and Facebook, that could mean that users opt out of the very advertising profiling strategies which have made them such mega giants of online advertising. In theory, it could create real problems for their revenue streams — though it’s also possible it could cripple the competition and allow them to consolidate dominant positions.

The big caveat to all of these changes and improvements to online privacy, is that legally, they only extend to EU citizens. However, as with the case of Facebook, it may be that companies wanting to not get caught out by the legislation simply extend the additional rights to all users globally. There is no guarantee of that, but with Facebook leading the way, it’s certainly a possibility.

It is of real importance that organizations take these new regulations seriously, as there are severe sanctions in place should the GDPR be fallen afoul of. While there are low-level sanctions such as a written warning for first-offenses or non-intentional noncompliance, regular data protection audits can follow — and from there the repercussions become steep. Fines of between 20 million euros ($25 million) and four percent of a company’s annual worldwide turnover, whichever is higher are possible, though lesser fines of $10 million or two percent of annual turnover could be applied in other cases.

Topics
Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Nvidia might never top the RTX 4090
The Nvidia RTX 4090 sitting on a table.

The RTX 4090 might be the best graphics card Nvidia has ever released, and we may never see a flagship quite on the same level ever again.

There's no doubt the RTX 4090 is extremely powerful, but it's not raw power alone that made it the flagship to end all flagships. I mean, the new RTX 5090 is already faster, and I'm confident Nvidia will continue to release massive GPUs that cost thousands of dollars in the future. But the RTX 4090 remains a crowning achievement for Team Green, and an inflection point for graphics cards more broadly.
A flagship like no other

Read more
Apple’s AR smart glasses may not be dead, after all
Person wearing Meta Orion smart glasses.

It seems Apple’s plans for making AR glasses are not dead after all, though it might take some time before the company puts them on the shelves. Bloomberg recently reported that Apple has shelved its AR smart glasses project, just like its doomed car project.

Now, the outlet claims that Apple has not entirely given up on that category. “I’m told that Apple’s long-term goal of standalone AR glasses remains intact, and the company will keep working on underlying technology — like screens and silicon — to help make such a device more feasible,” writes Mark Gurman in the latest edition of his PowerOn newsletter.

Read more
The 8 best color laser printers for 2025: tested and reviewed
The Color LaserJet Pro 4301fdw has good photo print quality on glossy paper.

The best color laser printers are a great investment that can save you time and money compared to cartridge-based inkjet printers. Laser printers use toner, which lasts a long time, delivering a low cost per page for monochrome documents and incredibly fast color prints. The best color laser printers offer high-quality prints and reliability that help keep your home office or small business productive.

If you need to scan documents for record-keeping and photo capture or want the convenience of a color copier, an all-in-one color laser printer is an essential tool for your small business or personal use. For a small added cost, you get expanded capabilities. That's why we include several all-in-one models from the best printer brands.

Read more