In the last few weeks, you may have found yourself inundated with emails from many of the apps and online services you use. They’ve been informing you of new terms and conditions, and asking you to “opt in” to continue using their service. Back on May 25th, the General Data Protection Regulation, or GDPR, came into effect. It’s a sweeping set of strict laws that govern privacy for anyone living in, doing business with, or even visiting the European Union. And even though the GDPR was announced two years ago, it seems to be taking a lot of people and companies by surprise.
Well, back at the end of May of this year Europe’s new General Data Protection Regulation or GDPR was set into effect. It is basically a very strict set of laws designed to harmonize data privacy across Europe in order to protect EU citizens personal and private data which is mainly in effect to reshape the way organizations across the globe approach data privacy.
And so, if you collect or come into contact at all, with any type of identifiable personal data related to any individual living in the European Union or EU, regardless of where your located in the world, you now have specific obligations, responsibilities, and liabilities for that data.
So any Canadian company selling goods or services online to people in the EU, or any university with students from a European country say, or even a website here in Canada using basic data tracking cookies or any other information tracking features, will now need to abide by the GDPR’s strict guidelines.
They want you to only collect data on people that is only necessary for the purposes you need it for. That is don’t collect any more data on a person in the EU than you need.
Also, dependent on the sensitivity of the date you have collected, they want you to ensure that you have all the appropriate safeguards in place so your data does not get hacked into or stolen. And so, these guidelines I’ve just mentioned, are very similar to Canadian privacy laws in effect now anyway. So, nothing really new to worry about.
One new law that the GDPR privacy law does impose, and is really up for great debate, is the law that people in the EU have the right to be forgotten or the right to be erased. This means, that if there is data out there, you now have the right to have that data erased or taken off the Internet.
And the challenge to that is that it butts up against the ‘freedom of expression”. And so, there is now great debates, especially in Canada and really in the rest of North America on the freedom of express vs the right to privacy. And that law changes if your live in the U.S., Canada, or now the EU. And so, in the EU, privacy and protection of your data is a fundamental right. In Canada, it is one step shy of being a fundamental right and in the U.S. it’s even lower.
So, we are now challenged by the GDPR’s privacy law because they now say, that if there is data on you, and you want it erased, then you should have that right. And that does not just mean from a website but also how it tracks across the Internet. And if you try to put that in place with companies like Google and Facebook, who operate around the world within multiple countries, then your data and privacy may get treated differently dependent on which country your in.
In the short term, it’s unlikely individual Canadian users will notice much of a difference in their digital experience. But recent events, like the Facebook Cambridge Analytica scandal have caused people to realize just how their personal data might be used, and many are becoming more activist in their demands for the highest level of privacy rights. I can’t help think that Europe’s tough new data privacy laws will get absorbed into our own laws ensuring Canadians have more control over their personal data.