By Marc R Gagné MAPP Senior Privacy and Data Advocate, Cyber Intelligence and Director @ Gagne Legal. See more about Marc here. Image from pixabay.
Transatlantic commerce is about to get turned on end, thanks to looming legislation in the EU that affects us all.
In less then two years, dramatic changes in data protection law will take effect in the European Union. Worldwide, companies who have any interaction whatsoever with EU citizens will be bound by the world’s strictest laws in data security.
How EU Laws Can Have Global Reverberations
“Interaction” includes, among other practices, selling products to, marketing to, and offering services to anyone who resides within the borders of the EU (and, most likely, post-Brexit UK as well). In fact, any item of data that’s derived from (or about) these protected citizens will be subject to what amounts to the strongest set of data protection laws the world has ever seen.
As you can see, our friends across the pond are very serious about privacy protection and where their data is sent around the world. In Europe, the right to data protection is held in high esteem, right up there with the right to privacy. In fact, it’s built right into the charter documents that established the European Union:
“Everyone has the right to respect for his or her private and family life, home and communications.”
-Charter of Fundamental Rights of the European Union
“Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. Compliance with these rules shall be subject to control by an independent authority” This is mainly why the Safe Harbor framework, the U.S.-E.U. data protection standard agreement, was recently declared invalid by the EU: not strong enough. That begs the question: our new agreement with the E.U., Privacy Shield: will it survive or go the way of Safe Harbor?
What is the GDPR?
The new regulation is called General Data Protection Regulation (GDPR) and if you haven’t already heard about it, now’s the time to find out what this powerful new legislation means. If you own a business with an online presence, chances are you’ll be affected by the GDPR. And if you do any type of digital marketing, it’s almost certain you’ll need to know about the GDPR’s profound, global effect.
GDPR will replace the decades-old Data Protection Directive, serving to bring regulations up to date and to streamline enforcement or data protection and privacy laws. What could be wrong with that?
Data collection is the foundation of modern marketing techniques. However, it’s often taken to extremes, to the extent that some call it “invasion of privacy”. We’ve already had to contend with phone apps that siphon away personal information from your phone, for example. And a few years back, Twitter was selling tweet archives to the highest bidder.
Legislation like the GDPR aims to protect citizens from these types of shenanigans, but marketing is big business.