There is a reason you are seeing messages in your inbox from apps and services you might not have used in years. On Friday, Europe’s General Data Protection Regulation went into effect, prompting companies and services to alert you as to how they meet the new privacy guidelines.
According to CNBC, “The GDPR guidelines are long and complicated, but the gist is that the protections give you more control over the data companies store on you and how the information can be used. In advance of the new rules, you’ve been getting flooded with emails explaining updates that comply with GDPR.”
Under the new GDPR policies, companies that offer apps and services in Europe are required to update their guidelines and even the core structure of their apps so they comply with the new privacy rules.
The U.K.’s Information Commissioner’s Office maintains the detailed information on GDPR, but generally it focuses on the protection of personal data. The GDPR defines personal data as follows:
- “Personal data is information that relates to an identified or identifiable individual.”
- “What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors.”
- “If it is possible to identify an individual directly from the information you are processing, then that information is personal data.”
Many companies are offering consumers the opportunity to download personal copies of the data that the companies have collected on them or that they have stored, including Google, Apple and Facebook. Such companies are even making it easier to download personal data due to GDPR personal protections, which include:
- The right to be informed, meaning you have the right to know how companies use your data.
- The right of access, meaning you have access to all of the data a company stores on you.
- The right to rectification, meaning you can modify personal data if it not correct.
- The right to erasure, meaning you can remove all of the data a company has stored on you.
- The right to restrict processing, which, in some circumstances, allows a person to limit how a company uses their data.
- The right to data portability, meaning you are permitted to download your data and take it to another service. For example, you could remove everything from Google and move it to Apple.
- The right to object, meaning users are afforded an “absolute right” to stop companies from using private data for marketing.
- Rights in relation to automated decision-making and profiling, meaning guidelines were added regarding decisions that are made by machines instead of humans.
One of the major aims of GDPR is to prevent companies from using vague or confusing statements to get people to agree to give them data, which could have a profound impact on some of the biggest technology firms in the world, including Facebook and Google.