On May 25, the EU’s General Data Protection Regulation (GDPR) was updated with new personal data regulations in favor of the average European. With the advent of newer means to violate one’s privacy in today’s day and age, not to mention recent controversies surrounding Facebook’s unethical relationship with Cambridge Analytica, this recent overhauling and revamping of existent privacy laws in the UK signifies that notable federal efforts are being made to safeguard the common man. In the last 12 months, millions of Yahoo, LinkedIn, and MySpace account details have been breached, rousing public outrage with regards to one’s privacy. Because data protection laws passed in the 1990s could not keep pace with constant technological advancements, the EU found it essential to amend such outdated legislation lest it should become impertinent and obsolete.
Enforced by the Information Commissioner’s Office, the updated GDPR is projected to produce various positive effects for the average citizen. As a result of the law, the “destruction, loss, alteration, unauthorized disclosure of, or access to” people’s data must be reported to the nation’s data protection regulator. For companies with more than 250 employees, documentation will need to submitted periodically about why and how people’s information is being collected and processed, how long it is being kept for, and how effective the implemented technical security measures are. Companies under the surveillance of the GDPR will thus be held more accountable for handling personal information.
In addition to indirect benefits provided to all Europeans, it directly gives users more control over how their personal data is being used. Prior to May 25, a Subject
Access Request (SAR) had allowed businesses and government bodies to charge £10 to be told how their information is being dealt with. Conversely, under the GDPR, requests for said information will be made free of charge. More importantly, almost without exception, users that make such requests will need to receive their desired explanations within the span of a month. According to the legislation, users “have the right not to be subject to a decision if it is automatic and it produces a significant effect on a person.”
Still, there are limitations involved that render this updated legislation less effective than one would expect. The American Chamber of Commerce to the European Union called it “overly strict.” Developers Alliance, a trade group representing Facebook, Google, Intel and dozens of app makers, said it could cost businesses in Europe more than £550 billion, or about $640 billion, in annual lost revenue.