Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

EU’s New Data Protection Rules Come Into Effect

The European Union’s new data protection laws came into effect on Friday, with Brussels saying the changes will protect consumers from being like “people naked in an aquarium”.

The European Union’s new data protection laws came into effect on Friday, with Brussels saying the changes will protect consumers from being like “people naked in an aquarium”.

The EU’s so-called General Data Protection Regulation (GDPR) has been blamed for a flood of spam emails and messages in recent weeks as firms rush to request the explicit consent of users to contact them.

Even though the rules were officially adopted two years ago, with a grace period until now to adapt to them, companies have been slow to act, resulting in a last-minute scramble this week.

Britain’s data protection watchdog, the Information Commissioner’s Office (ICO), said that its site had experienced “a few interruptions” as the deadline loomed, but said that “everything is working now”.

Brussels insists that the laws will become a global benchmark for the protection of people’s online information, particularly in the wake of the Facebook data harvesting scandal.

“The new rules will put the Europeans back in control of their data,” said EU Justice Commissioner Vera Jourova.

“When it comes to personal data today, people are naked in an aquarium.”

Companies can be fined up to 20 million euros ($24 million) or four percent of annual global turnover for breaching the strict new data rules for the EU, a market of 500 million people.

Advertisement. Scroll to continue reading.

– Explicit consent –

The law establishes the key principle that individuals must explicitly grant permission for their data to be used.

The new EU law also establishes consumers’ “right to know” who is processing their information and what it will be used for.

People will be able to block the processing of their data for commercial reasons and even have data deleted under the “right to be forgotten”.

Parents will decide for children until they reach the age of consent, which member states will set anywhere between 13 and 16 years old.

The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

The breach affected 87 million users, but Facebook said Wednesday it has found no evidence that any data from Europeans were sold to Cambridge Analytica.

Facebook chief Mark Zuckerberg said in a hearing at the European Parliament on Tuesday that his firm will not only be “fully compliant” with the EU law, but will also make huge investments to protect users.

Zuckerberg said he was “sorry” for the Cambridge Analytica breaches, but also for its failure to crack down on election interference, “fake news” and other data misuses.

– ‘Global standard’

Big platforms like Facebook, WhatsApp and Twitter seem well prepared for the new laws, while smaller businesses have voiced concern.

But EU officials say they are initially focusing on the big firms, whose business models use a goldmine of personal information for advertising, while offering smaller firms more time to adapt.

Meanwhile Brussels has expressed impatience with the eight countries — out of the EU’s 28 — that say they will not have updated their laws by Friday.

EU Commissioner Jourova said the new rules are setting “a global standard of privacy”.

Many Americans who once criticised Europe as too quick to regulate the new driver of the global economy now see the need for the GDPR, EU officials insist.

“I see some version of GDPR getting quickly adopted at least in the United States,” Param Vir Singh, a business professor at Carnegie Mellon University, told AFP in an email.

Japan, South Korea, India and Thailand are also drawing “some inspiration” from Brussels as they debate or adopt similar laws, another EU official said.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.