EU privacy law heralds new era in online data protection

The European Union General Data Protection Regulation, which came into effect on May 25, updates the bloc's rules on data privacy for the big data era. (Getty)
Updated 25 May 2018

  • Extensive new privacy regulations hailed by privacy advocates worldwide
  • But critics say rules create a burden for small businesses, with advertisers and publishers impacted

BRUSSELS: New European privacy regulations that went into effect on Friday will force companies to be more attentive to how they handle customer data, while bringing consumers both new ways to control their data and tougher enforcement of existing privacy rights.
The European Union General Data Protection Regulation (GDPR) replaces the bloc’s patchwork of rules dating back to 1995 and heralds an era where breaking privacy laws can fetch fines of up to 4 percent of global revenue or €20 million ($23.48 million), whichever is higher, as opposed to a few hundred thousand euros.
Many privacy advocates around the world have hailed the new law as a model for personal data protection in the Internet era and called on other countries to follow the European model.
Critics, though, say the new rules are overly burdensome, especially for small businesses, while advertisers and publishers worry it will make it harder for them to find customers.
The GDPR clarifies and strengthens existing individual privacy rights, such as the right to have one’s data erased and the right to ask a company for a copy of one’s data.
But it also includes entirely new mandates, such as the right to transfer one’s data from one service provider to another and the right to restrict companies from using personal data.
“If you compare the GDPR with the data protection directive you can really compare it with a piece of software upgrading from 1.0 to 2.0,” said Patrick Van Eecke, partner at law firm DLA Piper.
“It’s a gradual and not a revolutionary kind of thing ... However for many companies it was a huge wakeup call because they never did their homework. They never took the data protection directive seriously.”
Activists are already planning to leverage the right to access one’s data to turn the tables on large Internet platforms whose business model relies on processing people’s personal information.
That means companies are having to put in place processes for dealing with such requests and educating their workforce because any non-compliance could lead to stiff sanctions.
Studies suggest that many companies are not ready for the new rules.
The International Association of Privacy Professionals found that only 40 percent of companies affected by the GDPR expected to be fully compliant by yesterday’s deadline.
It is unclear how many provisions of GDPR will be interpreted and enforced. A patchwork of European regulatory authorities, many of whom say they are under-funded, will oversee the new law, with a central body to resolve conflicts.
One key provision of GDPR, the right to data portability, is causing particular confusion.
Lawyers and experts say it is not clear how far the right for individuals to move their data from one service provider to another will stretch.
“I think the data portability rights are pretty significant and are going to take a while for people to figure out what the bounds of them are and how to go about complying with them,” said David Hoffman, Director of Security Policy and Global Privacy Officer at Intel.
For example, music streaming services like Spotify create playlists for users based on their music preferences. While a user seeking to exercise the data portability right would be able to move playlists he or she created, the situation becomes fuzzy if the playlists are created by the streaming service using algorithms.
EU data protection authorities said individuals should be able to transfer data provided by them but not “derived data” created by the service provider such as algorithmic results.
Tanguy Van Overstraeten of Linklaters said the data portability right could raise issues of intellectual property.
“It’s not obvious that you can necessarily migrate the data from your system to somebody else’s system,” he said.
On the business side, companies are rushing to renegotiate contracts with suppliers and service providers because GDPR increases their liability if something goes wrong.
Under the current rules it is generally the company that determines the purposes of data collection that is directly liable for any breaches.
GDPR changes that, and data processors which only process or store the data on behalf of their clients, for example cloud computing providers, will be directly liable for sanctions and could face lawsuits from individuals, and that needs to be reflected in contracts.
Companies can have hundreds, thousands or tens of thousands of agreements which need to be revisited to ensure they comply with GDPR.
“After 20 years of data protection legislation in place, it’s only now with the GDPR they (companies) start to think about ‘what’s my role in the whole story? Am I a data controller or data processor?’” Van Eecke said.


‘Don’t be too optimistic’: Huawei employees fret at US ban

Updated 26 May 2019

  • This week Google, whose Android operating system powers most of the world’s smartphones, said it would cut ties with Huawei
  • Another critical partner, ARM Holdings, said it was complying with the US restrictions

BEIJING: While Huawei’s founder brushes aside a US ban against his company, the telecom giant’s employees have been less sanguine, confessing fears for their future in online chat rooms.
Huawei CEO Ren Zhengfei declared this week the company has a hoard of microchips and the ability to make its own in order to withstand a potentially crippling US ban on using American components and software in its products.
“If you really want to know what’s going on with us, you can visit our Xinsheng Community,” Ren told Chinese media, alluding to Huawei’s internal forum partially open to viewers outside the company.
But a peek into Xinsheng shows his words have not reassured everyone within the Shenzhen-based company.
“During difficult times, what should we do as individuals?” posted an employee under the handle Xiao Feng on Thursday.
“At home reduce your debts and maintain enough cash,” Xiao Feng wrote.
“Make a plan for your financial assets and don’t be overly optimistic about your remuneration and income.”
This week Google, whose Android operating system powers most of the world’s smartphones, said it would cut ties with Huawei as a result of the ban.
Another critical partner, ARM Holdings — a British designer of semiconductors owned by Japanese group Softbank — said it was complying with the US restrictions.
“On its own Huawei can’t resolve this problem, we need to seek support from government policy,” one unnamed employee wrote last week, in a post that received dozens of likes and replies.
The employee outlined a plan for China to block off its smartphone market from all American components much in the same way Beijing fostered its Internet tech giants behind a “Great Firewall” that keeps out Google, Facebook, Twitter and dozens of other foreign companies.
“Our domestic market is big enough, we can use this opportunity to build up domestic suppliers and our ecosystem,” the employee wrote.
For his part, Ren advocated the opposite response in his interview with Chinese media.
“We should not promote populism; populism is detrimental to the country,” he said, noting that his family uses Apple products.
Other employees strategized ways to circumvent the US ban.
One advocated turning to Alibaba’s e-commerce platform Taobao to buy the needed components. Another dangled the prospect of setting up dozens of new companies to make purchases from US suppliers.
Many denounced the US and proposed China ban McDonald’s, Coca-Cola and all-American movies and TV shows.
“First time posting under my real name: we must do our jobs well, advance and retreat with our company,” said an employee named Xu Jin.
The tech ban caps months of US effort to isolate Huawei, whose equipment Washington fears could be used as a Trojan horse by Chinese intelligence services.
Still, last week Trump indicated he was willing to include a fix for Huawei in a trade deal that the two economic giants have struggled to seal and US officials issued a 90-day reprieve on the ban.
In Xinsheng, an employee with the handle Youxin lamented: “I want to advance and retreat alongside the company, but then my boss told me to pack up and go,” followed by two sad-face emoticons.