Brussels, Belgium, May 24 – Companies made a last-minute rush Thursday to comply with new European Union data protection laws that Brussels says will protect consumers from being like “people naked in an aquarium”.
The EU’s so-called General Data Protection Regulation takes effect on Friday and has been blamed for a flood of spam emails and messages as firms seek the explicit consent of users to contact them.
Britain’s data protection watchdog, the Information Commissioner’s Office (ICO), said that its site had experienced “a few interruptions” as the deadline loomed, but said that “everything is working now”
Brussels however insists that the laws will become a global benchmark for the protection of people’s online information, particularly in the wake of the Facebook data harvesting scandal.
“The new rules will put the Europeans back in control of their data,” said EU Justice Commissioner Vera Jourova — ironically echoing the slogan of “Take Back Control” that Britain’s pro-Brexit supporters have used.
“When it comes to personal data today, people are naked in an aquarium.”
Companies can be fined up to 20 million euros ($24 million) or four percent of annual global turnover for breaching the strict new data rules for the EU, a market of 500 million people.
– Explicit consent –
The law establishes the key principle that individuals must explicitly grant permission for their data to be used.
The new EU law also establishes consumers’ “right to know” who is processing their information and what it will be used for.
People will be able to block the processing of their data for commercial reasons and even have data deleted under the “right to be forgotten.”
Parents will decide for children until they reach the age of consent, which member states will set anywhere between 13 and 16 years old.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
The breach affected 87 million users, but Facebook said Wednesday it has found no evidence that any data from Europeans were sold to Cambridge Analytica.
Facebook chief Mark Zuckerberg said in a hearing at the European Parliament on Tuesday that his firm will not only be “fully compliant” with the EU law, but will also make huge investments to protect users.
Zuckerberg said he was “sorry” for the Cambridge Analytica breaches, but also for its failure to crack down on election interference, “fake news” and other data misuses.
– ‘Global standard’ –
Big platforms like Facebook, WhatsApp and Twitter seem well prepared for the new laws, while smaller businesess have voiced concern.
But EU officials say they are initially focusing on the big firms whose business models use a goldmine of personal information for advertisers, offering smaller firms more time to adapt.
Brussels has meanwhile expressed impatience with the eight of the 28 EU countries that say they will not have updated their laws by Friday.
The lack of preparedness comes despite the fact that the new laws were officially adopted two years ago, with a grace period until now to adapt to the rules.
Jourova said the new rules are setting “a global standard of privacy.”
Many Americans who once criticised Europe as too quick to regulate the new driver of the global economy now see the need for the GDPR, EU officials insist.
“I see some version of GDPR getting quickly adopted at least in the United States,” Param Vir Singh, a business professor at Carnegie Mellon University, told AFP in an email.
Japan, South Korea, India and Thailand are also drawing “some inspiration” from Brussels as they debate or adopt similar laws, another EU official said.