It’s not just you. Over the past several weeks, many people have been bombarded with emails about data privacy from major corporations such as Twitter and Facebook. There’s a reason all these businesses are updating their privacy policies—and, though you may be tempted to trash those emails, they carry news of real change. The companies sending them have until May 25 to comply with a new privacy law enacted by the European Union, known as the General Data Protection Regulation (GDPR).
What is GDPR compliance?
The E.U. guidelines limit how companies can use and process the personal data of consumers, giving ordinary people more control over their own information. Under the GDPR, corporations need to explicitly ask if they can collect your data, they’re required to answer if you inquire what that data is used for, and they must give you the right to permanently delete that information. Companies will also be required to disclose now-ubiquitous data breaches within 72 hours.
What will GDPR change?
Even if a company chooses to change its policy for all users, only those covered by the GDPR – so, those in the E.U. – will have legal recourse. But experts say it’s still an important reminder for everyone to think about these issues. Many people don’t realize just how much businesses rely on data to make determinations about customers. “Your data is being used for significant decisions that are made about you,” says Chris Meserole, a fellow at the Brookings Institution. “If you are applying for a credit score, a loan, any number of things, an algorithm can just decide that you’re not qualified.”
GDPR in the U.S.
As of now, there are no laws in the pipeline to enact similar changes in the U.S., so Americans will have to be satisfied with these secondhand benefits. But the GDPR is already leading some corporations to make changes globally to simplify implementation. If it affects users’ attitudes toward privacy the way some experts predict, such changes seem likely to spread.