GDPR - day 1
This is it, the General Data Protection Regulation (GDPR) is finally implemented in Europe, and by extension in most of the world, since for companies that do not live off your data it is far easier to apply the same Terms and Conditions to everyone.
At Nomagic, of course, this was never a concern, since we impose on ourselves a further commitment to keep your private information away from anyone else. Your life, Your data!
Dazed and Confused? Mozilla helps keep it simple
If the numerous email notifications you received asking you to renew your trust in a bunch of websites you never visited have left you dazed and confused, here below is a very good summary of the core changes, shamelessly taken from the Mozilla news website. We have only removed one point of self-promotion, leaving 12 things to know about the GDPR, for the user.
Did you know?
The Mozilla foundation is one of the most active entities in raising general public awareness of privacy matters. They are also the entity behind the Firefox and Thunderbird software. Mozilla also released a special version of its Firefox browser for Android (and iOS) called Focus, which protects your privacy by design. It comes with many settings to let you easily regulate the level of content blocking and tracking protection to your needs. The perfect browser for privacy-minded cybernauts! Even better, it is available on F-Droid under the name Klar.
1. The General Data Protection Regulation gives the European Union the power to hold businesses and organizations accountable for how they collect and handle personal data — your data.
Businesses and organizations have had two years to get ready. This wasn’t a sneak attack by the European institutions. The GDPR went on the books in May 2016, giving anyone who collects customer data plenty of time to prepare.
2. Even though it’s driven out of Europe, the GDPR impacts the whole world.
If you live outside of Europe, you’re probably wondering what a European law has to do with you. Thanks to something called “territorial scope,” any organization that deals with data of EU residents must comply with the GDPR for those individuals, which impacts global organizations like Apple and Facebook. Even though they are not strictly required, some organizations are taking a principled (and perhaps easier) approach, providing the same set of controls and protections to non-EU residents.
3. It’s filling up in your inbox.
We’ve all been bombarded with emails about updated privacy policies and terms of service. It’s (mostly) not fallout from the Cambridge Analytica scandal, it’s because organizations are getting their policies and practices into GDPR compliance. Bonus points: All those emails are a hint to disconnect from services you’ve forgotten about.
4. Data privacy is by design and by default.
Organizations collecting or using personal data will have to consider privacy throughout the entire lifecycle of products and services. That means that from the day teams start designing a product, service or feature, privacy must be top of mind. It also means that initial app and service settings will be set toward privacy by default so as to comply with the GDPR, and it will be your choice to change or turn them off as you prefer.
5. Policies and Terms of Service should be easier to understand.
The GDPR requires data policies to be written in plain language so you can better understand what you’re consenting to. Now is a good time to revisit the privacy and data policies of the services you use and update your settings. Here are a few to get you going:
- Apple
- Facebook, Messenger and Instagram
- Google: Privacy Policy update; Your Account
- Microsoft
- My Fitness Pal
- Snap
6. You have the right to take your data with you to another service.
This principle of “data portability” means that you (1) have visibility into the data an organization has collected about you, (2) can move that data to a different service provider (such as a competitor) without losing the data history you’ve built up, and (3) are getting closer to being the keeper and beneficiary of your own data. How that will happen isn’t totally clear yet.
7. You have the right to be forgotten.
In addition to having the right to your data, you also have the right to request its erasure.
8. Data breaches will be reported to regulators much faster.
The GDPR has a “72-hour rule” which means that controllers must report a breach to their supervisory authority within three days after becoming aware of it. In theory, you should find out more quickly as well, when there are high risks to your “rights and freedoms” as laid out in the 72-hour rule.
9. Violations will cost big.
Like, really big. In the past, penalties for irresponsible data collection and management were low enough that it was, perhaps, more profitable for big players to eat the fines. Now, however, “organizations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).” While it’s still unclear what a “significant” violation would be, here’s how a fine could add up for Alphabet, the holding company of Google. Alphabet made $110 billion in 2017, so a significant violation against the GDPR could result in a whopping $4.4 billion fine. (!!!)
10. What’s good for users is also good for business.
Storing personal data isn’t without risk (see #9.) Stronger data and security practices decrease the risks associated with personal data collection and processing for both users and organizations. This is not negligible: in 2015, data breaches cost on average USD 3.79 million per impacted company, not to mention lost customer trust and public relations fallout.
11. Less data, more trust.
It’s sad but true that some organizations don’t even know what data they have or where it’s being stored, and the GDPR encourages organizations to think twice about the amount of data they collect. Plus, they need to justify their purposes for collecting it. At Mozilla, we put these principles into action and advocate for businesses to adopt lean data practices. The GDPR represents an opportunity for more businesses to be leaders when it comes to data collection by choosing to collect only what is necessary for providing a product or service, rather than casting the widest possible net.
12. The GDPR is a floor, not a ceiling.
Mozilla wants users to have meaningful controls and for there to be sensible privacy settings that align with users’ expectations. The GDPR provides a baseline set of rules, which helpfully lay the groundwork for more ethical approaches to data collection and processing. It’s a step in the right direction, but the devil will be in the details for most organizations. New privacy controls, even if they technically comply with the GDPR, won’t help if they are too difficult to use and if organizations aren’t committed to the underlying principles that shaped this regulation. Still, we like that it will encourage a culture of responsible privacy, empowering the individual to have control and choice over their online experience, something Mozilla has stood for since our beginnings.