Protecting data and respecting user privacy are of major importance to AT Internet. Today, many changes are taking place in the realm of data privacy, whether in Europe, in North America, or elsewhere around the globe. What are the latest changes, and what’s set to come next? And what impact will these developments have on your digital analytics data and solution?
Adoption of the European GDPR regulating the collection and processing of data:
The major news in the Privacy world in recent weeks is the adoption of the General Data Protection Regulation (GDPR), officially published on May 4, 2016. This European regulation aims to standardise the rules and requirements regarding data privacy and protection, and will be directly applicable in all European Union member countries two years after the publication date. Before this reform was adopted, the legislation in place dated back to 1995 and therefore needed to be updated in order to keep pace with technological evolution.
So, what will change with respect to the previous directive? Broadly speaking, the right to be forgotten is affirmed, and it will be mandatory to obtain explicit consent from a person in order to use any of their data. Finally, in the event of a data breach, the data controller must inform the competent supervisory authority of the nature of the breach, the type of data involved, and the number of people affected. This regulation will apply to many different bodies: any economic stakeholders (companies) and any social stakeholders (authorities/administrations, unions, local governments, associations…) that handle data.
The regulation also defines heavy sanctions (fines of up to 4% of total global annual revenue/turnover!) for any companies that do not comply with these obligations once the two-year compliance period is up (after May 25, 2018).
Go further, learn more:
- Data protection glossary
- Understanding “the right to be forgotten”
- To whom does the GDPR apply, and what are the possible sanctions?
- The EU regulation
- Follow updates on the regulation on Twitter: hashtags #EUdataP and #GDPR
The EU-US Privacy Shield: Where do things stand?
Another major subject in the news is the introduction of a new agreement – a priority for American and European lawmakers after the European Court of Justice ruled the Safe Harbor agreement “invalid” in October 2015. Safe Harbor enabled 4,000 companies to transfer European users’ data to the United States. Going forward, Europe’s data protection authorities must examine the validity of data transfers that are submitted for their review, while taking into account the situation in the United States, which does not offer adequate protection in terms of data privacy: the Safe Harbor agreement was deemed invalid due to the American government’s surveillance practices, which threaten the protection of European citizens’ data.
This new agreement, the Privacy Shield, is currently being negotiated between European and American authorities, and a result is expected in June 2016. How will it be different from Safe Harbor? According to current negotiations, this new agreement would offer stronger protection for European citizens’ rights than Safe Harbor did. Europeans would have several redress options in cases where their data rights were infringed by American companies. Additionally, this agreement will be reviewed every year. American companies will be subjected to more stringent obligations, and will be directly monitored by the U.S. Department of Commerce. The European Commission revealed the Privacy Shield’s major principles on February 29. This agreement is a consensus between business concerns for American companies and data protection for European users.
So what’s the holdup?
Isabelle Falque-Pierrotin, chair of the Article 29 Working Party (WP29) (the European group composed of data protection authorities from each EU member state) and president of the CNIL (France’s data protection authority), has criticised the text’s complexity and certain contradictory points. The taboo subject of surveillance by American agencies was also brought up, and is the subject of negotiations aiming to define the framework of this surveillance, which remains unclear for the moment. The project has also been criticised by European privacy rights activists like Max Schrems, whose lawsuit against Facebook eventually led to the annulment of Safe Harbor, as well as numerous politicians who say the agreement grants too much leeway to American intelligence agencies.
The text issued on February 29 was therefore a first necessary and significant step, but one that remains insufficient, according to many.
- Why and how was Safe Harbor annulled?
- What’s the current status? (May 2016)
- The entire Privacy Shield text, in a press release from February 29
- Follow the initiative on Twitter: hashtag #PrivacyShield
Go further: How can you stay updated on privacy issues?
To stay abreast of the latest developments in the data privacy world, it’s important to keep your eye on the right sources. Follow news and updates from your country’s data protection authority, if it exists. You can also follow the topic on social networks and on the web using alerts, but generally speaking, the most trustworthy information will come from official sources. Try checking out:
- The websites of national data protection authorities (UK: ICO, US: FTC, Netherlands: Autoriteit Persoonsgegevens, Germany: Virtuelles Datenschutzbüro)
- The Twitter accounts of American and British authorities: @ICOnews, @FTC
- The Twitter account of Aurélie Pols, a data privacy expert and advocate, and author of the white paper “Data Privacy: Understanding privacy principles and ensuring compliance of your digital analytics activities”.
- The hashtags #Privacy and #DataProtection on Twitter
What impact do these new measures have on AT Internet’s digital analytics solution?
We’re always looking out for the latest developments on privacy and data protection, and want to help our customers and readers do the same. With this in mind, we’ve partnered with expert Aurélie Pols to bring you a special White Paper that examines privacy principles and best practices for applying them within your organisation: