You probably haven't heard of the General Data Protection Regulation but chances are, you've heard of Facebook.
And the social media behemoth's current problems with data privacy make next month's European Union implementation of regulations related to the General Data Protection Regulation, or, more briefly, GDPR, even more relevant here in the United States.
So, just what exactly is GDPR?
For an answer, I turned to Tim Sullivan, senior vice president of marketing data services at Downers Grove-based Allant Group, an advanced data analytics and campaign management company.
Allant Group gives its global clients high-level analysis of their existing and potential customers, so the company has a vested interest in understanding the new European directive.
Sullivan explained that GDPR is a legal framework that gives guidelines for collecting and processing people's personal information in the European Union.
Along with defining the rules around data collection and management, GDPR specifically addresses individuals' rights — and what happens when companies violate those rights, leading to substantial fines for them.
GDPR covers every business that handles EU citizens' data, so in addition to companies like Facebook, Google, Twitter and Amazon, it will also require compliance on the part of banks, insurance providers and other financial institutions.
Sullivan highlighted some of the biggest wins GDPR provides for people regarding their personal rights:
* The right to clearly stated marketing messages that contain details explaining future use of personal information.
* The requirement that users opt in to any future use of their data; opt-out will no longer be permitted as a default.
* The right to access the data controller (the person or organization that determines the purpose and means of processing personal data) or the data protection authority (agency in each EU member country that enforces GDPR regulations).
* The right to permanent erasure of personal information upon request.
* The right to restrict the use of personal information in part or in whole.
* The right of data portability, which allows individuals access to all the information a data controller holds on him or her, as well as the ability to request that data be moved to an alternate data controller. (An example of this might be a consumer's desire to move all of his/her data from one credit bureau to another due to data breach security concerns.)
* The right to object to the accuracy or business use of personal data.
* The right to correct inaccurate data.
* The right to be notified within 72 hours of detection of a data breach.
You might be thinking, "This is all well and good for people in the European Union, but what does it mean for us here in the United States?"
For the perfect example, we return to Facebook, and the data about Facebook members it was recently revealed to have allowed Cambridge Analytica to access.
The timing of the scandal is interesting in light of GDPR's rollout on May 25.
People's response to the sale and manipulation of their personal data illustrates they want and need better control over their personal information. And, because Facebook is a global company that serves millions in the European Union, it has implemented the processes and controls necessary to met GDPR standards.
As a result, Facebook users outside the European Union also will benefit from the resulting transparency.
Though companies could theoretically address customers in the European Union differently than those elsewhere, major players on the world market have made the calculation that the additional monetary and customer goodwill costs this would entail are not worth the price.
For this reason, even though the U.S. government is not currently undertaking legislation like the GDPR, major players in the global market — including Google, Amazon, Microsoft and Facebook — have all indicted they will be GDPR compliant.
If you are interested in accessing and/or modifying the personal data that has been collected about you by the global companies with which you regularly interact, you will have to reach out to each individually.
And though you will be able to view reams of information including every post and review you've ever made, every product you've ever ordered, a recording of every Alexa voice request you've ever spoken (yep, it's true!) and all the advertisers and apps that have been given your information, your options vary as to what you can do to modify or delete your history.
Your best bet to tackle this project is to search (and yes, Google searches are also captured and analyzed) "How to download personal data from [fill in the company name]."
• Need help?
Send your questions, complaints, injustices and column ideas to HelpSquad@pioneerlocal.com.