The European Union's new data privacy regimen, the bloc's first major overhaul of rules governing people's data since 2005, took effect Friday after months of sometimes frantic preparations by virtually any company that operates a website accessible there.
While some European users complained about being blocked from accessing their social media accounts or certain U.S. sites Friday, others heralded the changes as a milestone for Internet privacy in Europe and around the world.
What has changed for users?
Individuals in the European Union have a right to know what data are collected about them and why, how long it will be stored and how it will be processed. Users also have a right to have their personal data deleted in certain circumstances. They also need to have the option to be able to appeal to the human decision-makers behind algorithms.
Organizations need to obtain active consent from individuals before collecting data in many circumstances and are obligated to report data security breaches to authorities within 72 hours.
Why do U.S. companies have to comply with those rules?
Governments can fine organizations up to 4% of their global revenue for noncompliance, including for failure to process data lawfully, for not having a data protection officer and for security breaches.
Is anyone already risking legal consequences?
Yes. Vienna-based privacy watchdog None of Your Business filed complaints Friday against Google, Facebook, Instagram and WhatsApp. The group believes that those four social networks or messaging services essentially force their users to agree to their privacy standards or not use the services at all, rather than modifying their standards to ensure more online privacy and data protection.
What are the downsides for consumers?
Some companies have chosen to go blank in Europe instead of having to comply with the expansive privacy regulations, including websites such as Unroll.me and Klout. More widely accessed U.S. media outlets — including news outlets belonging to Tronc Inc., such as the Los Angeles Times and Chicago Tribune — similarly blocked some of their European users starting Friday. It is uncertain when or if those websites will become accessible again.
Before the law took effect Friday, consumers also complained about a number of bureaucratic challenges, such as an influx of consent-seeking emails from companies trying to distribute their newsletters, or doctors making their patients sign pages-long forms about how to store their data.
If it's all so complicated, why did Europe bother to introduce the rules?
European Union regulators have always been much tougher on the tech companies than their U.S. counterparts have; for instance, the EU forced the companies to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content.
Depending on the EU country, there is generally also more public backing there than in the United States for the sort of expansive regulations that took effect Friday.