Europe’s highly anticipated new privacy law, the General Data Protection Regulation, went into effect Friday, a law that will impact virtually every technology company worldwide.
The new law requires any company that operates in the EU or any company that serves EU citizens to follow strict new privacy guidelines meant to protect consumers from companies abusing their personal data. Companies that fail to comply could face financial penalties as high as 4 percent of their annual revenue. For companies like Facebook, Google and Apple, that could amount to billions of dollars in fines.
The law has a number of components, but the general idea is to require companies that collect user data to be clear about what they are collecting, and why. Companies also need to make it easy for people to delete their personal data, or download it and take it with them somewhere else.
The new laws are why you’ve likely been bombarded over the past month with emails from all of the services you use alerting you to their updated privacy policies.
Facebook has been very vocal about all of its changes, primarily because the company is fresh off a major privacy scandal that brought a lot of attention to the company’s privacy settings.
One interesting catch to all of this: There’s no right way to comply with the new law. That means that while tech companies are making changes and asking their lawyers to interpret the EU regulations, there was no way for companies to confirm beforehand whether or not they are compliant. That means companies are doing their best to interpret the law on their own, but it’s possible that some companies that think they are in compliance will find out soon that they are not.
There isn’t much that you, the consumer, has to do if you aren’t an EU citizen, but it would be smart to read the updated privacy policies for the services you care about to ensure you understand what data they collect from you and how it’s being used.