GDPR Privacy Policy Updates

Have you received an influx of emails this week notifying you of privacy policy updates to various websites you frequent or have subscribed to as a user? You may have even noticed the pop-ups as you’ve visited certain websites. It’s left a lot of internet users scrambling to figure out why all these websites are changing their terms of service. Internet apocalypse? Scam? Business gone crazy? None of the above; it’s actually a European thing. Here’s the 411 on why websites are updating privacy policies.

You Aren’t Being Scammed And The Zombies Are Safely Locked Away For Another Day

Worldwide, websites must update their policies because the European Union (EU) has enacted a new set of privacy protections. The EU’s General Data Protection Regulation (GDPR) recently came into effect in an effort to benefit Europe’s citizens. Websites and online services collect data from users. The regulations give Europeans more control over said data.

So, what does this have to do with U.S. companies and users? The new rules will affect any online entity, including those in the U.S., that handles data from European citizens. They’ll have to be in compliance with GDPR regulations as well to handle European customers and users, which means they must change their corporate privacy policies. Thus, the influx of email and pop-up alerts.

What Do The GDPR Regulations Require Of Companies?

The Information Commissioner’s Office will be responsible for enforcement of the new GDPR regulations. The office will ensure that companies are being explicit in how they seek to obtain consumer consent prior to being able to collect personal information. If consent is obtained, companies must then give consumers much easier access to their own data under GDPR. Should a consumer want the data deleted at any time, the company must oblige. In cases of a breach, companies only have 72 hours following the discovery to notify all users. Any company that is a public authority, systematically monitors users, or processes large-scale personal data must also now have a data protection officer.

What Happens To Non-Compliant Companies?

GDPR violations come attached to some seriously hefty fines. Non-compliance will cost a company whichever is higher of either four percent of their global annual revenue or $23 million in U.S. dollars.

Since Facebook is the first U.S. company to be hit with a lawsuit alleging violations of GDPR on the very first day it was implemented, despite claiming to have spent 18 months working toward compliance, it makes for an ideal example of the magnitude of the potential fines. Facebook had almost $41 billion in reported revenue in 2017, meaning the GDPR violation would cost the social media giant around $1.6 billion (capped at $23 million) if the penalty is enforced.

Do U.S. Companies Have To Comply With GDPR?

Yes and no. GDPR covers any entity holding and collecting European consumer information data, but technically U.S. companies only have to adhere to U.S. privacy policy laws and do not have to operate internally. The result? If you’re in Europe, you may not be able to access American-based sites.

Entities like NPR, the Washington Post, and likely the multitude of others you’ve received email and popup alerts from have updated their policies to adhere to GDPR. Others haven’t, however.

The Los Angeles Times, Baltimore Sun, Chicago Tribune and countless others are inaccessible to readers in Europe at the moment. From any European VPN, users will get a message that the websites aren’t available in Europe and that they (the sites) are exploring technical compliance solutions to offer digital offerings to the EU market in the future.

Most of the above publications are owned by parent company Tronc, which has released a similar statement in the media concerning being inaccessible to EU readers. They’ve basically sidestepped GDPR by making content copy unavailable to EU residents. Tronc isn’t alone in going blackout in Europe, as others, such as Klout, have chosen to block the EU versus comply with expansive privacy reg updates.

Is GDPR Good Or Bad From A Consumer Standpoint?

Ultimately, good or bad comes down to how stringent you want data protection to be versus how easily you’d like to exchange data with entities.

Public backing for more stringent regulations like GDPR is generally higher in European countries than it is in America. Plus, European Union regulators have a history of being more heavy-handed with tech companies than U.S. regulators.

Information is knowledge, and knowledge is power. Clearly, info carelessly falling into the wrong hands creates horrid results. That said, consumers have complained that rules like GDPR create innumerable bureaucratic challenges, citing that companies now have to constantly send consent-seeking emails for simple newsletter distribution and that healthcare-related interactions require mass paperwork for consent and agreement.

Not sure if you are GDPR compliant? Download the WordLead WordPress Privacy Policy Plugin and always have your privacy policy up to date with all new laws.