The European Union General Data Protection Regulation (GDPR) went into effect today, and it brings significant changes to how companies that deal with EU citizens' data can collect and process it. They will also be able to demand, more easily and for the first time for free, that an organisation disclose all the personal data it holds on them. And on May 23, it announced that it would start showing similar pop-ups to users outside the EU.
Three years ago, ahead of Schrems' pivotal court battles with Facebook and before most people even knew what GDPR was, we caught up with Schrems during a visit to Dublin. But what does it mean for our human rights and why should you care? Facebook and Google, though, may have little to cheer about, now that they're being sued for "forced consent" over new privacy rules. The new rules also require that data should only be used for the objective for which it was collected - this means that companies cannot hang onto our data "just in case" they need it later.
Not much will change for you, at least right away; companies will keep on collecting and analyzing personal data from your phone, the apps you use and the sites you visit.
The right to rectification: This means you can change that personal data if it's incorrect.
The noyb complaints will test its entitlement under GDPR to run test cases for users, as well as new co-operation rules between national data protection bodies around Europe. Most other companies who have said the same thing have also been similarly vague on timing.
It covers everything from giving people an opportunity to obtain, correct or remove personal data about themselves, to outlining rules for disclosing security breaches, to providing easily understood privacy policies and terms of service. This is happening because the data previously gathered by companies on their users does not qualify for consent, so they need your explicit consent for the use of that data.
Any company, big or small, that operates in the European Union and collects user data must comply with the new law.
Facebook founder Mark Zuckerberg faced questions from MEPs earlier this week about his company's collection of data. "Europeans' privacy will be better protected and companies benefit from a single set of rules across the EU." However, for many companies it was a huge wake-up call because they never did their homework.
However, it may impose the biggest fine applicable in a particular case and the ultimate maximum fine could be either 20 million euros ($30 million Cdn), or four per cent of a company's annual global revenue, whichever is greater.
Companies that did send out emails asking for renewed consent might find themselves in a tricky situation now, said Aaron Tantleff, privacy lawyer at Foley & Lardner.