The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) came into force on 25 May 2018. The purpose of Regulation (EU) 2016/679 is to strengthen and unify data protection for individuals within the European Union (EU), but given the interconnectivity and interoperability of web-based technologies, it also addresses the export of personal data outside the EU. For that reason, it more than likely has immediate implications for you and me.
Online privacy and online privacy policy issues are nothing new in the world of cyberspace. But ever since the Facebook-Cambridge Analytica debacle, there has been renewed concern, perhaps even fear, about online privacy, especially on social media websites.
Mark Zuckerberg, CEO of Facebook, did not do much to alleviate the concerns of the Facebook community, much less those of US and EU regulators, after his lame duck appearances before regulators in these regions of cyberspace.
Social media, e-learning and many different types of websites are by nature global in scope and, therefore, online privacy cannot be an in-company, parochial or provincial issue. On the contrary, online privacy is decidedly an interconnectivity and interoperability issue. Members of one social media website can log in to a second with credentials from the first; additionally, members of non-social-media sites can log in with social media credentials, and so on.
New Privacy Rights: First, a comprehensive set of rights must now be enshrined in privacy policies. Below is a quick summary of those rights and their implications in brief:
- Right of access: you have the right to request a copy of the information that the organization holds about you.
- Right of rectification: you have a right to correct inaccurate or incomplete data that is held about you.
- Right to be forgotten: Under certain conditions, you have the right to ask that data held about you be erased from the records of the site on which you are registered.
- Right to restriction of processing: in some situations you may have the right to restrict the processing of your information, i.e. what can be done with the information, including how it is stored.
- Right of portability: the right to have the data held about you transferred to another organization. This is useful when you wish to log in to one site with credentials from another.
- Right to object: the right to object to certain types of uses or processing such as direct marketing.
- Right to object to automated processing: the right not to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that the organization refuses your request under the right of access, it is required to provide you with justification. Consequently, you have the right to complain about its refusal.
Loss of Access: If you do not agree to the updated privacy policies, you may find that your mail does not reach its intended recipient. This may happen even though the recipient may live outside (my Scottish friends would say “outwith”) the EU. That is because email is transmitted via a number of protocols, proxies and routes, and invariably one of these may have EU connections. Prior to making the necessary adjustment, mail I sent to a local (Barbadian) recipient was not transmitted and was tagged with the note: “Message rejected due to local policy”.
Returned Mail: For some time to come, you may have to be on the lookout for returned mail in order to identify those pieces of mail which have not reached the intended recipients. Depending on what you find, you may then have to refer to your local Internet Service Provider (ISP) or the online organization with which you are registered.
While these new regulations have the potential to protect Internet users from violations of privacy, it is doubtful whether they will stem the incidence of hacking, which seems to be on the increase as hackers become ever more sophisticated and begin to treat themselves as professionals for hire.