The European law on data privacy has come into force from today, May 25, 2018. The much-awaited law by/for/of European citizens and a threat to all online services, European Union's General Data Protection Regulation (EU GDPR) is live. Now there exists a complete copy of guidelines on how the companies can collect, process, manage and store user information. And if anybody is found not complying with the data protection law, a hefty penalty is awaiting.

Wait, while I am writing this, privacy activists have already filed complaints against Facebook, its subsidiaries – Instagram and WhatsApp and Google’s Android.

Okay, so this is happening. It is as if the data protectors were just waiting for the EU GDPR to roll out. They knew these technology giants will be caught under one or the other data breach policies.

Facebook, Google Under the Radar of EU GDPR

The serial Facebook petitioner and the Austrian lawyer, Max Schrems has registered data protection complaint against the social media giant and its subsidiaries. Another similar complaint is filed in France regarding the consent requirements of Google’s Android.

As per the new data privacy law of Europe, the companies can process online information if and only if there is a valid reason to valid basis to do so. For example ‘Gmail’ doesn’t need permission to access the e-mail id for sending or receiving emails. It’s because that’s what it does. But yes, ‘Gmail’ has to take user permission, if it wants to use the information for advertising purpose.

“Facebook has even blocked accounts of users who have not given consent. In the end, users only had the choice to delete the account or hit the ‘agree’ button–that’s not a free choice; it more reminds of a North Korean election process,” Schrems mentioned in a public statement. “Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under EU GDPR in most cases.”

EU GDPR

An action towards compliance to GDPR. Source: Max Schrems's statement

Why is EU GDPR getting so much attention?

EU GDPR law is European in nature and it is created to protect European citizens’ privacy solely. In a way, it affects the global digital services.

To elaborate, the General Data Protection Regulation is a standard law that provides residents of the European Union a strict control over their personal digital information. Further, EU GDPR explains rules, responsibilities, and law to all online services along with European users.

Complying with the new data privacy law, it is important for companies to inform European citizens what data they are storing along with providing rational reasons. If any European resident commands a company to delete/modify/send his or her stored data, the latter has to comply, no matter what!

Yesterday, in a note released on European Commission website, Andrus Ansip, Vice-President for the Digital Single Market, stated: “Our new data protection rules were agreed for a reason: Two thirds of Europeans are concerned about the way their data was being handled, feeling they have no control over information they give online.” He added, “Companies need clarity to be able to safely extend operations across the EU. Recent data scandals confirmed that with stricter and clearer data protection rules we are doing the right thing in Europe.”

In Case of Privacy Breach

The new European law on data privacy rules companies to send notification within 72 hours, in case of the data breach. For instance, Facebook did not let know the users know about the data leakage back in 2015 with respect to Cambridge Analytica personality quiz.

Echoing the concern over data privacy, Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality said, “Personal data is the gold of the 21st century. And we leave our data basically at every step we take, especially in the digital world. When it comes to personal data today, people are naked in an aquarium.”  

Enforcement of EU GDPR

If found violating any EU GDPR law, the companies will face hefty penalties. The maximum fine for EU GDPR violation is 20 million Euros ($23.4m) or 4 percent of a company's annual global turnover from the year before, whichever is higher. This is quite expensive, strict and inevitable to ignore.

Happy May 25

A number of influential US sites have blocked their services for EU users today. Few news sites whose services remained affected in EU region are - The Los Angeles Times, the Chicago Times, New York Daily News, Chicago Tribune, LA Times, Orlando Sentinel and Baltimore Sun.

A typical message on these websites reads: "Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market."

On the other side, The New York Times and CNN services are operational in EU region. Likewise, The Washington Post and Time have updated their terms and conditions as per EU GDPR law and are now requiring EU users to agree to them.