Connect with us

Hi, what are you looking for?


Privacy & Compliance

EU Data Protection May Trigger Global Ripple Effect

The EU’s new data protection rules that enter into force later this month are having an impact around the world as firms, including in the United States and China, move to comply.

The EU’s new data protection rules that enter into force later this month are having an impact around the world as firms, including in the United States and China, move to comply.

While all firms globally are required to comply with the provisions of the General Data Protection Regulation (GDPR) when it comes to the data of Europeans, the rules may have a wider impact if firms decide to extend the protections to all users.

Major US platforms such as Facebook, Twitter, Instagram and Airbnb have begun to notify their users in Europe of modifications of their user terms in order to comply with the new EU rules.

Under GDPR firms user consent for use of their personal data must be freely “given, specific, informed and unambiguous”.

GDPR Fallout

Facebook has recently begun asking its European users that they approve the use of their data in order provide them with more pertinent advertisements as well as permission for facial recognition.

But it is still not clear which US firms will apply GDPR to all their users and which will do so only for Europe.

“We intend to make all the same controls and settings available everywhere, not only in Europe,” Facebook’s chief executive Mark Zuckerberg told reporters last month as the crisis exploded over the use of user data for political purposes by the firm Cambridge Analytica.

Advertisement. Scroll to continue reading.

“Is it going to be exactly the same format? Probably not,” he added.

Marketing advantage

For Sam Pfeifle, content director at the International Association of Privacy Professionals (IAPP), some US firms will have no other choice but to extend European protections to all users.

“For some companies being able to discern where their customers are coming from and segregate the data is very difficult and perhaps too difficult to make it worth it,” he said.

Some companies are transforming this pragmatic decision into a marketing advantage, telling their US clients they are offering European-level data protection, said Pfeifle.

Other companies are taking the opposite approach — deciding they would rather part ways with European users entirely rather than go through the effort of complying with the GDPR.

This is what the online role-playing game Ragnarok decided to do, sparking indignant reactions from European users who will find themselves cut off from May 25.

In China, there are fewer sensitivities about privacy, and the EU regulation will certainly be viewed more as a constraint than a marketing advantage. 

“Of course we will respect the GDPR for our European clients,” said a European working for a major Chinese internet firm on condition of anonymity.

But for Chinese users, the application of such privacy guards is likely for another day.

Impact on China

The Chinese “don’t have any reticence handing over their personal data if they see they are of some value” such as in new services or discounts, said the European executive, speaking on condition of anonymity.

Chinese internet titans are currently testing a system that assigns every citizen a social credit system that goes beyond a regular credit rating of a person’s finances and payment history by evaluating their behaviour and preferences as well as their personal relationships.

But it isn’t impossible that the European effort to codify and organise the respect for privacy will have an influence even in China, where internet users have occasionally lashed out.

At the beginning of the year Beijing said it had reprimanded several Chinese tech firms for inadequate protection of user data following a controversy implicating Alipay, the top Chinese payments platform linked to online commerce giant Alibaba.

Users reacted angrily after discovering the platform had been set up to automatically share user data with a credit rating service.

Alipay’s parent company Ant Financial apologised and redesigned the service so users had to opt in to use it.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Application Security

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s...