How Europe’s new privacy rule is reshaping the internet

  • The Verge | by: Russell Brandom |
  • 03/28/2018 12:00 AM
by is licensed under
If you’ve been looking for it, you may have seen a lot of privacy policies change in the past few months. From Google to Slack, companies are quietly updating terms, rewriting contracts, and rolling out new personal data tools in preparation for a massive shift in the legal landscape. So far, it’s mostly been a problem for legal departments, but as policy changes and contract fights go public, it’s started affecting the average web user, too.

The rule is called the General Data Protection Regulation (or GDPR), and it’s poised to reshape some of the messiest parts of the internet. Here’s what you need to know about it.

What is the GDPR?

The General Data Protection Regulation is a rule passed by the European Union in 2016, setting new rules for how companies manage and share personal data. In theory, the GDPR only applies to EU citizens’ data, but the global nature of the internet means that nearly every online service is affected, and the regulation has already resulted in significant changes for US users as companies scramble to adapt.

Much of the GDPR builds on rules set by earlier EU privacy measures like the Privacy Shield and Data Protection Directive, but it expands on those measures in two crucial ways. First, the GDPR sets a higher bar for obtaining personal data than we’ve ever seen on the internet before. By default, any time a company collects personal data on an EU citizen, it will need explicit and informed consent from that person. Users also need a way to revoke that consent, and they can request all the data a company has from them as a way to verify that consent. It’s a lot stronger than existing requirements, and it explicitly extends to companies based outside the EU. For an industry that’s used to collecting and sharing data with little to no restriction, that means rewriting the rules of how ads are targeted online.
by is licensed under

Comments