Unless you’re someone who doesn’t use e-mail, you’ve probably been inundated with messages from various websites and online publications informing you about changes they’ve made to their privacy policy and seeking permission to continue sending you marketing materials.
This is all because of something called the GDPR, which stands for General Data Protection Regulation, a new European Union law that has just come into force. In a nutshell, GDPR requires companies to obtain clear consent for any personal data collected from their users.
It’s quite a sweeping and stringent legislation. There’s nothing like it in the US, where regulations tend to favour companies over the consumer when it comes to privacy. In the EU it’s the exact opposite and nothing makes that clearer than GDPR.
For a company to be GDPR-compliant, it’s not enough for it to seek consumer permission to collect data on them. It needs to also provide the consumer with different ways to control, monitor and even delete any data the company has collected on them. In addition, any data breach that happens must be reported within 72 hours.
Violations of this new regulation can cost companies up to 20 million Euros or 4 per cent of their annual global turnover. This isn’t chump change we’re talking about. No wonder companies are falling over themselves trying to comply with the GDPR requirements.
How companies collect data
Data collection is crucial to Internet companies because online advertising is how most of them generate income. Very few online companies actually charge for their services because the culture of “free” pervades the online world.
Search engines, social media networks and even news websites generally do not charge consumers any fee for their services. What they do is harvest consumer data and online behaviour in order to sell targeted online advertising.
Over the years, these companies have turned data collection into a science. That’s because data collection is at the very heart of online advertising. Online juggernauts Facebook and Google, for example, rely heavily on data to serve the right types of ads to different consumers.
Google collects massive amount of data when you’re using its various services and it can continue to collect data on you after you have moved on to other websites. It basically follows you around the web through the use of cookies. Its knowledge about your online behaviour is rivalled only by Facebook, another online behemoth, which relies heavily on data collection in order to do targeted online advertising.
It goes without saying that Google has all your e-mails (assuming you use Gmail), contacts, calendar, Google Drive documents, chat, etc. But did you know Google also stores your location whenever you turn on your phone.
It also has your complete search history across all your devices (phone, tablet, laptop, desktop). It even has information on every app you use on your phone as well as every single YouTube video you’ve ever watched.
To see all the information Google has on you, go to: myactivity.google.com/myactivity. You will be shocked at how well it has tracked your online activity. Google creates an advertisement profile based on all this information and allows advertisers to target you based on this profile. This is how it makes money. This is also why Google’s various online services are free of charge. Giving up our privacy is the price we pay for free services.
It’s the same with Facebook which collects just as much information on you as Google does, and possibly more because we interact so much more and divulge far more information about ourselves on social media
Google might know what you’re searching for but Facebook knows what you’re thinking about because of what you reveal about yourself through status updates and conversations via Facebook Messenger.
Not only does Facebook keep every single message you’ve ever sent through its Messenger app, it also knows about every document you’ve ever sent across. That, coupled with the videos you’ve uploaded, the status updates you’ve made, and the Pages and postings you’ve Like, Shared or Commented on, will allow Facebook to have a pretty good picture of who you are, what you’re into and what you’re likely to buy.
To see all the information Facebook has on you, go to www.facebook.com/your_information. Be ready to be shocked a second time.
Like Google, Facebook doesn’t charge for its services because it’s able to monetise the data it has on you by selling targeted ads to companies.
Global impact
Although GDPR is an EU regulation, it doesn’t mean the impact of this new law is confined to only the 28 member countries of the EU. It affects almost every major Internet company because they’d have visitors and customers from EU nations. The Internet, after all, is borderless. In that sense, the GDPR has actually set not just a European standard for data protection but also a global one because no major Internet company can possibly be exempt from it.
This all sounds good for the consumer whose privacy is finally taken seriously. However, the severity of the penalties for non-compliance has led some American websites to outright block EU users from accessing their content. For example, several news websites in the US have blocked European visitors. These include The Los Angeles Times, the Chicago Tribune, and The New York Daily News.
That’s a lot of people being blocked — close to half a billion live in the EU. But it’s not only European citizens who are being blocked. Even non-Europeans living in Europe would be affected. If you’re a Malaysian living in the UK, you can’t access these newspaper websites even though you’re not European at all.
But what about the people living in Malaysia? We can access these sites of course. So there’s very little impact in terms of our access to online content. And although the law is designed to protect EU citizens, most online companies that comply with the GDPR are applying those standards around the world (even though they don’t have to). So, in a way we have the best of both worlds. We benefit from extra privacy protection from a law that’s actually not designed to cover us but unlike the Europeans, we still have access to sites that choose not to comply with GDPR.