Data sharing is a hot button topic across the world, especially in the last few years where technological advancements have made accessing sensitive personal data far easier than ever before.
In America, data privacy is not especially legislated or regulated, making it easy for third parties to buy and sell personal data. Some regulations exist, but, there are is no overarching law to regulate the procurement, storage, or dissemination of personal information. It’s not surprising then, that some US-companies opt to contain disclosures that they will never sell personal information to outside entities as a “selling point,” to new customers. In a recent article by Quartz Media, it was revealed just how huge the data collection industry is in the States. Nine major data brokers, for example, have lists with data points ranging from the standard personal info (social security number, name, address, age), to categories reviewing purchaser eligibility. One such category was candidly named: “ability to afford products.”
Europe, however, is another story: introducing the GDPR.
GDPR, an acronym for General Data Protection Regulation, introduced by the European Parliament and Council, aims to better enforce and strengthen data protection for individual consumers residing in the EU. It replaces the previously enforced Data Protection Directive, which was designed to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy.” Set to be enforced tomorrow, May 25, 2018, this is the first real change to data privacy law in 20 years.
The change is believed to be especially empowering for consumers, who will have access to information held about them. Businesses will be required to turn around data to those who ask about it within just one month. And any information deemed “personal,” is grounds for assessment. Businesses who fail to comply with the new regulation will, invariably, be subject to hefty fines.
A common complaint (especially in the US) is how marketers are seen as covertly taking consumer information to inundate them with ads, and even later sell their information to third parties. In Europe, however, GDPR will modify how and when consumers’ information is used, by providing consent-based opt-ins as the default, rather than giving consumers the option of opting out later. Consumers will be able to request what data the company has about them, and can make requests for their information to be deleted—permanently. Going even further, users can take data with them to share with another company of their choosing.
By learning the facts and having a strategy in place, all publishers should be prepared for GDPR and its associated changes. Are you?
