What is GDPR?
GDPR stands for "General Data Protection Regulation". It was introduced by the European Union to curb the misuse of personal information and protect personal privacy.
In fact, the GDPR was introduced as early as April 2016, but the EU gave major companies a two-year buffer period, and the official effective date is May 25, 2018. This is why everyone has been flooded with privacy policy updates in the past few days.
GDPR is a "regulation" within the EU legal framework and has already been passed by the European Parliament (lower house) and the European Council (upper house). It can be implemented directly in EU member states and does not require parliamentary approval. Currently, there are 28 member states in the EU, and about 500 million people are directly protected by the GDPR. It is worth mentioning that although the UK has started the Brexit process, it has also approved the GDPR, which will likewise be officially implemented there from May 25.
According to the provisions of the GDPR, enterprises must obtain the consent of users in collecting, storing, and using personal information, and users have absolute control over their personal data.
The European Union's General Data Protection Regulation (GDPR) is designed to allow companies to focus on maintaining data security, protecting user privacy, and taking necessary measures.
What are the rights of users?
The GDPR provides a very detailed explanation of the rights of individual users in relation to their privacy data, and we have distilled the core parts of it.
Right of Access
Users can inquire from the company whether their personal data is being processed and used, as well as the purpose for which it is used, the type of data collected, etc.
This provision mainly protects users' right to know about personal privacy.
The right to be forgotten
Users have the right to request that the company delete their personal data and, if the data has been obtained by a third party, they can further request their deletion.
A more intuitive real-life example: if a user registers an account on a social platform, the company should give the user a way to cancel that account. As far as China is concerned, not many vendors provide a simple and clear account-cancellation option.
Of course, the GDPR also stipulates that the right to be forgotten cannot conflict with the public interest. For example, if a thief is reported by the media for stealing, he cannot ask major news platforms to delete personal information related to him on the basis of his right to be forgotten.
Restriction of processing rights
If a user believes that the personal data collected by a company is inaccurate or is being processed unlawfully, but does not want the data deleted, he or she can request that the company's use of that personal data be restricted.
For example, when using mobile phones in daily life, we often encounter this situation: after we browse a certain product on a shopping website, advertisements for similar products pop up when we use news, music and other apps.
Data portability rights
The right to data portability is easier to understand, and users can request to bring their personal data with them when switching from one company to another. The previous enterprise needs to provide user data to users in an intuitive and universal form.
For example, users who want to move from NetEase Cloud Music to Tencent Music have the right to export their playlists and other data from NetEase Cloud Music.
Of course, the GDPR does not make this right mandatory and has a prerequisite for "technical feasibility". In other words, if Apple says that because iOS and Android data cannot be universal, the iPhone app list cannot be transferred to Android, it is not illegal.
How does GDPR affect businesses?
In addition to clarifying the security of users' personal information, the GDPR also makes very detailed regulations on the processing of personal data by enterprises.
First, enterprises need to obtain consent when collecting and processing user information, and the privacy policy needs to be explained to users in clear, concise, and straightforward language or other forms. In this regard, companies such as Google have done better.
Although Google has withdrawn from the mainland market, its privacy policy is still available in Simplified Chinese. In addition, when explaining how Google Ads works, Google uses concise and clear text and pictures, so that even users who do not understand technology and the Internet can grasp it in a short time.
Secondly, GDPR punishes violations by enterprises very heavily. Minor violations carry a fine of 10 million euros or 2% of annual revenue (whichever is higher), and serious violations carry a fine of 20 million euros or 4% of annual revenue (whichever is higher).
Given the strict and demanding terms of the GDPR, few companies can guarantee that they will not violate the law at all. For some small and medium-sized enterprises, huge fines are tantamount to catastrophe. And even for technology giants like Amazon, 4% of revenue has basically exceeded net profit.
Therefore, after the GDPR came into effect, the websites and services of some enterprises directly blocked the EU region. Some directly released extremely rudimentary text-only websites to EU users, giving people the feeling of going back to 20 years ago overnight.
(Public Radio's text-only website)
In theory, companies could offer a special version of a service or product to the EU and develop another set of privacy terms. But for some companies, direct exit may be the easiest way.
Of course, some companies also follow the GDPR outside of Europe to show their sincerity in respecting the protection of personal data.
In addition, in accordance with the GDPR, after a personal data breach, companies must report to the regulatory authorities within 72 hours, and the company must also have a data protection specialist familiar with the provisions of the GDPR to maintain communication with the regulatory authorities. The direct reason for this regulation should be the previous privacy leaks of Amazon and Facebook.
Overall, GDPR is a severe curse created by the EU for companies, and they will face unprecedented pressure to protect the security of personal information.
Summary
GDPR is the strictest and most informative law in history to protect user data security, and from the user's point of view, it is strong medicine for today's worsening personal information security problem. Therefore, many people will welcome it. Those of us who are outside Europe and are ordinary users will also benefit somewhat by association.
However, there are two sides to everything. Overly strict privacy regulations and high fines will cause some companies to withdraw directly from the European market. In addition, GDPR also faces many challenges in actual implementation: legal systems differ among EU member states, and some national regulators even have little knowledge of GDPR. Some provisions are also disputed, such as how an abstract concept like the public interest should be defined in practice.
Of course, in general, Europeans have taken a big step forward in the protection of personal data security.