The European Union on Friday will install the General Data Protection Regulation, the biggest change to online privacy rules since the internet was invented. The rules will apply to thousands of companies including Google and Facebook and are meant to protect privacy rights for individuals in the EU. Rob Pegoraro, a writer for Yahoo Finance and USA Today, joins Alison Stewart to discuss.
Next week, the European Union will see one of the biggest changes to online privacy since the advent of the Internet. It's called the General Data Protection Regulation or GDPR and as of May 25th it will apply to thousands of companies including the giants like Google and Facebook that do business in the E.U. Violating the new rules could mean billions of dollars in fines but what does it do for individuals and what will it mean for us here in the United States? To help us answer some of those questions, I'm joined from Washington D.C. by Rob Pegoraro, a writer for Yahoo Finance and USA Today. OK, so Rob what is the goal of the law? What is it hoping to fix?
It's hoping to put people back in control of their data. It says, you have to consent to the use of it for marketing purposes, you can't have it used for other purposes without the company asking again. It has to be your direct consent. They can't give you a funny little check box where yes is already clicked yes and the no button is tiny and off to a corner somewhere. If they lose your data they have to notify you. It's a 72 hour time typical for a data breach and in the U.S. there's no such federal regulation at all. In most cases they have to give your data back to you in a form that you can take to a competing service what's called data portability. It's a huge set of changes.
So if I decide not to let a company have my data, will it keep me from going to that company's website?
Potentially, yes. There are some companies that have already said we're not going to try to mess with the GDPR at all. If we see you connecting from a European Internet Protocol address, we're just going to lock you out of our site.
So what was the genesis of this regulation? It seems much stronger than anything we have here in the United States or even could imagine right now.
Privacy laws have long been stronger in the E.U. for a lot of different historical reasons. You know, in the U.S., some states have strong privacy laws but at the federal level there's traditionally been nothing. The whole idea is, a company has to tell you what they're going to do with your privacy and if they're not, if they don't stick to their word, then you can bring a case out of it.
So if I'm sitting in Tallahassee, Florida, does this have any meaning for me?
Much to my surprise, it looks like it will. What seems to be happening in a lot of cases, companies don't like to make two products in the same way a car company would rather not make one model for California and one for the rest of the U.S. So, a lot of U.S. firms, especially the very large ones, have decided that if we're going to have to build a data portability function into our service, we'll offer that to the U.S. as well. That's why Instagram, years and years after Facebook added the same thing, now lets you take your data elsewhere.
Are there any unintended consequences of this regulation? It seems like it's for the good. I've heard one argument that this could possibly thwart business growth.
There's definitely a risk of that. You know, you can't start your startup with one idea in mind and then pivot to a different business model. That's going to require using all these people's data in a way that they didn't consent to. There is a fear that because the actual GDPR text runs about 55,000 words, this could sort of entrench established companies that have large compliance departments and law firms on retainer and a small startup, two people in the garage, the third person in the garage is probably not going to be a lawyer so they might decide that this is too much of a risk. On the other hand, it could be that, you know, when you have to build a model that treats customers as having power over the data, that might open up business model possibilities that right now Silicon Valley doesn't really consider.
And who is going to be policing all this? Who's going to hold these companies accountable?
So it's the European Union. This applies to any company if you do business in the E.U. If your site has a French language version, German language version, if you have list prices listed in euros then you are doing business in the E.U.
We shall see what happens next week. Rob Pegoraro from Yahoo! and USA Today, finance reporter. Thanks so much.