Did you know? Few days ago, on January 28th, it was the World Data Protection Day. Launched in 2006, it is an important day for the Eu. It wants, in fact, to celebrate the policies on the topics of data protection and privacy, expecially those of last years.
“We are proud to have the strongest and most modern data protection rules in the world, which are becoming a global standard”.
So, in a joint statement from the European Commission, the First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel.
“The Facebook/Cambridge Analytica case and recent data breaches have shown that we are doing the right thing. What is at stake is not only the protection of our privacy, but also the protection of our democracies and ensuring the sustainability of our data-driven economies”. They continued.
Just last May 25th, 2018, in fact, General Data Protection Regulation entered into application. A point on which, the European Commission puts a lot of emphasis: why?
The challenge of privacy
Nowadays, our lives are, for a great deal, online. This can be a problem for our privacy, since we leave a big amount of personal data, ignoring the way they will be used. It can be challenging, also because it is a new problem and often law is not ready to face it.
In 2012 a new regulation, updating the the 1995 Data Protection Directive, was proposed. The 1995 Directive, in fact, was unable to face the new challenges, coming from the internet in particular. In 2016, both the European Parliament and Council adopted the new regulation. Finally on May 2018, the General Data Protection Regulation was implemented.
We should not forget that 2018 was also the year of the Facebook/Cambridge Analytica case, violently showing the need of new rules to protect personal data.
GDPR: what’s new?
Very shortly: the General Data Protection Regulation aims to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy”. In particular it refers to companies, public and private bodies in the EU, but even to non-EU companies using personal data of EU citizens. In the case of non-EU companies, they must appoint an EU representative.
Basically, when it comes to personal data: terms and conditions must be in an understandable language; retracting consent must be as easy as giving consent; and when you have given consent previously for one purpose, you must give it again if the company wants to use the data for a new purpose.
Even the definition of personal data was updated, in order to face the new situation.
The current definition, indeed, is “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.
The Regulation, that as such does not need to be approved by national Parliaments, had a big impact on companies. Despite the almost 2 years given for complying with the new rules, several companies moved just at the last moment. On the one side this created a big flow of emails to users, on the other side it also meant big costs for companies.
This, but also its extraterritorial jurisdiction and concerns about enforceability were the main critics moved to the Regulation.
What do you think about the GDPR? Do you think, as some people, that it should be improved? Or, are you happy with this way to protect privacy?
Tell us in a comment! And, if you think to have a great idea to improve the Regulation, why don’t you try to discuss it with MEPs in Brussels?
We can give you the opportunity: apply for our Youth Exchange in Spain, in March, about Media and Web Manipulation. But be fast: application will close in few hours!