How the GDPR is Changing the Way the Internet Handles Personal Data
November 26, 2018
Featured article by Lora Young, Independent Technology Author
In the first quarter of 2018, Facebook was placed under intense scrutiny following the compromise of millions of its users’ personal data. Cambridge Analytica, through a third-party app, harvested sensitive information from millions of Facebook profiles. The collected data was then used illegally for political purposes; allegedly, it was meant to hold sway over the 2016 US elections.
Since the Facebook-Cambridge Analytica data scandal, public interest in the need for better regulation on data privacy and security has increased. Mark Zuckerberg, CEO and co-founder of Facebook, has pledged to create stricter regulations for the social networking service’s use and handling of user information.
Following the scandal surrounding Facebook and Cambridge Analytica, the European Union implemented the General Data Protection Regulation, or GDPR for short. The implementation sought to strengthen the data rights of EU residents, especially in situations where personal data is collected, stored, and passed around. The GDPR was drafted because the existing laws surrounding data protection were slightly antiquated. The EU’s Data Protection Act of 1998 did not yet account for how the Internet and social media would become so ingrained in the human experience.
Other industries and companies are following suit. In May 2018, digital inboxes were flooded with emails from websites and companies that had changed their data collection policies and privacy controls. Twitter, for example, outlined how its users can easily access and control the way the website shares their data with its business partners. Opt-out procedures are now simpler and easier to understand thanks to the changes that many sites and companies have made.
In the medical field, things are also changing. In the United States, the 1996 Health Insurance Portability and Accountability Act (HIPAA) includes a rule that makes safeguarding medical information a priority, and in cases where a patient is unable to visit their physician personally, digital tools are there to help. Many medical institutions have begun using HIPAA-compliant video conferencing tools to help reduce the risk of sensitive information being accessed by a third party when a client is unable to have a face-to-face checkup.
The implementation of the GDPR has also changed the language used in communicating privacy policies. Any data processor or controller holding data on EU residents is subject to the policies of the General Data Protection Regulation, which is why user inboxes were filled with updated privacy policies from different websites. The GDPR required them to simplify their terms surrounding personal data, even if the user was not based in the EU. This prevents firms from hiding questionable data practices behind a stream of legalese and technical jargon.
GDPR’s enactment has been met with mostly positive reactions from consumers. With the hefty fines imposed on violators, the regulation makes it less tempting for websites and companies like Facebook, Twitter, Google, and many more to misuse customer data. In today’s digital age, where keeping personal information can be less safe and secure, the GDPR is a welcome regulation for keeping private information private. Hopefully other countries follow suit in establishing such laws to prevent information misuse.