Just as Britain edges closer to ditching the EU, new data protection laws from Brussels provide some much-needed safeguards and protections returning power to individuals over the handling of their most sensitive and personal data.
If you’ve followed the news in the last couple of months, you will have heard a lot about Cambridge Analytica. According to whistleblower Christopher Wylie, the company harvested over 50 million Facebook profiles without the owners’ permission to target voters in 2016 US presidential election.
As a result, Facebook has been castigated for not doing more to protect its users’ data. Well, Facebook – and every other social media company for that matter – it is time for a cultural and systematic shakeup of how you protect our privacy. Why? Because on 25 May 2018, the EU General Data Protection Regulations (GDPR) came into force around all member states. Britain is included in this – at least for now. These laws were carefully debated by the EU Parliament for four years. Although a long time coming these are laws definetly worth waiting for.
Their mission is to ensure organisations – be it governments or big companies like Google – do not infringe our data privacy rights. And if they do, under GDPR, they can be fined up to 4% of their annual global turnover or €20 million (whichever is greater). Even just the threat of a fine that hefty will surely have the mass corporate and tech giants running scared – so WhatsApp, you better keep encrypting our conversations.
GDPR operates by putting greater emphasis on organisations obtaining positive and affirmative consent before they process our data. So next time you get asked to do one of those boring marketing surveys, make sure the company asking sets out clearly how they will protect your data – especially if you pass on your name, number email and the rest. More crucially, remember to make sure they give you a chance to consent – the days of pre-ticked opt-in boxes are history under these new rules.
What is more, under GDPR, you have a right to be forgotten. We all want to be remembered until you get one sales call too many from your ex-broadband providers, or all-too frequent emails from your old workplace who are hell-bent on you attending one of their poxy reunions. Basically, unless organisations are justified in holding the data, you can tell them to wipe you off their list under these EU-wide measures – a virtual disappearing act of sorts.
These laws empower individuals by ensuring those who hold their data do so for sound reasons – not just to intrude in to their private lives. In an age where it is common practice to input your data in to various phone apps – never has it been more important to understand where your information is going and how it is going to be used. Privacy rights are human rights after all and they are sacrosanct.
EU law often seems to get bad press – but the common sense rules outlined in the GDPR demonstrate the progress countries can make when they club together to cook up ways to protect the ‘little people’ against the ‘big people’.
Though the UK government are expected to align with GDPR principles post-Brexit, this is by no means guaranteed and any government of day could rip up this rule book if they so fancied. Equally, leaving our European neighbours behind removes our seat at the table in Brussels where we can help influence and shape the data privacy rules of the future around Europe and beyond. Who wants to be rule takers when we can be rule makers?
All the more reason why Brexit is such a bad move.
• Chevan is a member of the youth campaign group Our Future, Our Choice (OFOC) which is pushing for Britain to remain in the EU.