General Data Protection Regulation Goes Live in The EU - The Tech Giants Are Not Pleased

In order to protect consumers and their personal data, the European Union has enacted a new regulation which went into effect today, May 25^th, 2018. The General Data Protection Regulation (GDPR) is a broad package of protective measures to protect the privacy of individuals within the European Union. The goals of this regulation are to return control of individual data back to the individual and to ensure that companies who collect data, demonstrate complete disclosure of what is being collected, how it’s used, and by whom. Additionally, there must be a provision for any individual to revoke permissive use of their information at any time. Furthermore, any data breach which compromises an individual’s privacy must be reported within 72 hours of the breach. The regulation is not intended to disrupt legitimate on-line commerce, but instead to stop the practice where huge troves of personal data are aggregated and resold to marketing firms or other advertisers for a profit.

This new regulation affects anyone who collects or holds data on people who reside within the confines of the European Union, regardless of where the collection point resides. What it amounts to is that any organization in the world who wants to do business or engage with the EU must comply with its guidelines. Many of the world’s largest technology companies have been actively preparing for this new regulation by updating their privacy notices. The cost of compliance is staggering and it is forcing many small companies to shutter European operations temporarily. Still others are abandoning the European market altogether resulting in temporary chaos across the internet. Today websites from several major U.S. based newspapers and media sources are offline in Europe, leaving an audience of over 500 million people disconnected.

The impact of GDPR will be felt over the next few days, and it appears that new regulation will have a chilling effect on any company that isn’t compliant. Global giants like Facebook and Google are already under fire because of their forced consent policies. These two companies, and many others, require users to opt into data management terms that the company sets, or they are blocked from utilizing their product. Supporters of the new law are making the case that these companies should be forced to change their practices. Since both of these companies, and many other, are built on compiling and reselling personal data or sharing it with third-party developers, it will be interesting to see if they choose to comply.

The EU regulators are momentarily playing hardball and plan to levy massive fines on any company that tries to circumvent the system. These can be as high as 4% of a firm’s total annual revenue or €20 (approximately 23.5 million USD). Many American companies have already complied in one way or another, but some are waiting on the sidelines to see how things evolve over the coming weeks. Congress has toyed with the idea of internet regulation, but so far nothing concrete has emerged from the legislative body. Another topic being discussed is enforcement. At this point, the onus for compliance in Europe has been delegated to the individual states, but there is no global watchdog to monitor things outside of the EU.

If enough users opt out of data sharing, which is anticipated, then the targeted on-line marketing industry is likely to take a massive global hit. Currently companies like Google and Amazon populate websites with on-line ads tailored to the preferences of users, but if harvesting data is no longer permissible, then the entire model will need to change. Advertisers may be already looking for new channels to reach customers. It’s likely that on-line ad spending will drop in the near future as well, cutting into the earnings of big tech. The law is already being hailed as a victory for the people.

As of this posting, some sites are completely unavailable in the EU, while others are inundating users with pop-ups detailing their data collection policies and giving notices concerning cookies. Currently the New York Times, Los Angeles Times, and the Chicago Tribune are dark, each posting a message stating they are currently unavailable in the European market.