SecurityWeek

One Year on, EU’s GDPR Sets Global Standard for Data Protection

The EU’s strict data laws have set the global benchmark for protecting personal information online since coming into force a year ago, but some worry that many users have barely noticed the change.

The “General Data Protection Regulation” (GDPR), launched on May 25 last year, enhances the rights of internet users and imposes a wide range of obligations on companies, including that they request explicit consent to use personal data collected or processed in the European Union.

The EU has billed it as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new high standards as the world seeks closer scrutiny of tech giants like Facebook, Google and Amazon.

It has also prompted other authorities around the world to strengthen their own data laws.

The US state of California, home to global tech haven Silicon Valley, last year adopted stringent data legislation largely inspired by the GDPR.

Japan, meanwhile, has worked with the EU to finalise common rules to offer its citizens a level of data protection equivalent to that of the GDPR.

And Australia plans to significantly strengthen sanctions against companies that breach data privacy rules, following the EU’s lead — the GDPR allows fines of up to four percent of a firm’s turnover.

– Companies slow to implement –

But the transition has not always been easy — companies inside and outside the EU have spent a total of hundreds of millions of euros to comply with the regulations.

Much of this has gone to upgrading how firms handle the vast amounts of data streaming in every day.

“Many companies face a major problem: their IT system was designed around providing services, but not around the data, which is constantly duplicated in all directions, sent to multitudes of providers and suppliers,” said Gerome Billois, an expert at the IT service management company Wavestone.

He added that 31 percent of companies fail to implement the GDPR’s “right to be forgotten” — which allows people to have their personal data deleted — because “they don’t know precisely where the data is”.

But Jean-Michel Franco of the French software company Talend says the industry is now “starting to get up and running” in implementing the GDPR.

– Users ignoring rights? –

However, several campaign groups that defend the rights of internet users say that the GDPR’s lofty goals are still a long way from being reached.

The main difference that most EU internet users notice under the GDPR is the consent banners that pop up as they access a website.

Many users simply give their consent in the quickest way possible rather than asking for “more information” and being led into a maze of dense information and further questions.

A recent study of one urban transport website found that nearly 80 percent of users simply clicked the “accept all” button to move onto the site as quickly as possible.

Only around 10 percent of users chose to read the information detailing their rights — if the explanations were short — while another 10 percent read them thoroughly, according to the study of more than 280,000 people conducted in February by mobile marketing firm Ogury. 

– 145,000 complaints –

But while many internet users may pay the changes little heed, the GDPR has empowered some to take action against tech giants. 

So far nearly 145,000 complaints and questions have been registered with the EU’s national authorities in charge of enforcing the GDPR, an initial assessment revealed this week.

The complaints have also triggered severe penalties, including France’s record 50 million euros ($56 million) fine on US giant Google for not doing enough to inform users on how their data is used.

EU Justice and Consumer Affairs Commissioner Vera Jourova has said the regulation is like “a one-year-old baby who has an appetite and is very agile”. 

There was widespread criticism in the months leading up to the regulation coming into force, but now voices “around the world are calling for comprehensive data protection rules similar to GDPR”, she added.

Written By

AFP 2023
