Today is the fourth anniversary of the GDPR, or the General Data Protection Regulation, an EU law surrounding data privacy. This regulation is the reason āI consent,ā “Accept all cookies,” or other similar buttons appear when you first land on a websiteāoften regardless of whether you are in the EU or not. But what does it really mean? This post will explore the GDPRās meaning and how it has changed our digital lives in the last four years.
What is the GDPR?
Itās a set of rules that protect individualsā personal data. Although it’s EU-based, many companies make their GDPR compliance worldwide. This regulation ensures that EU internet users have the following rights:
- Right to transparency (Article 12)
Companies have to communicate clearly and in plain language. - Right to access personal data (Articles 13-15)
On request, companies have to share all personal information they have on you. This includes purchase history, behavioral analytics, and more. - Right to be forgotten (Articles 16-20)
On request, companies have to erase all data related to you. - Right to Refuse Data Processing (Articles 21, 22)
Companies are not allowed to do anything with personal data without explicit consent. This is why you see the āI consentā buttons on websites.
Companies are responsible for proving GDPR compliance by showing what information they collect, how long they keep it, and who theyāre sharing it with.
Read more: 3.2 million āright to be forgottenā requests since 2014
GDPR violations hit Big Tech
From 2018 to 2020, the European Commission issued fines against Facebook and Google. But the biggest fine, 50 million EUR (59.27 million USD) towards Google, was small in the context of the companyās overall revenue.
In 2021, the European Commission got more serious about enforcing the GDPR, issuing a 40% greater number of fines than in 2020, including a fine of 746 million EUR to Amazon. This fine was more than double all the previous ones combined.
During that time, surveys showed companies’ concerns shifting. In 2018, they saw the greatest challenges as complying with the right to be forgotten, data requests, and data portability. By 2021, the concerns were consent and international data transfer.Ā
While this regulation has been making waves for companies’ online presence, what is the GDPR’s effect on our daily lives? Letās review both the positives and the negatives.
GDPR’s positive impact
1) Businesses now operate with privacy in mind
Since 2018, companies have spent over 9 billion USD to ensure GDPR compliance.
This money went into changing company procedures and hiring data-protection officers. These workers track processes, audit data, and raise employee awareness. This regulation has also changed the way apps are developed, with some studies finding moderate improvements to app safety since the GDPR came into effect.
Finally, this regulation has changed online marketing. Advertisers are turning away from cookies and personal data mining. Instead, they are advertising based on webpage contentāa concept called contextual marketingāand brands plan to spend 20% of their media budget this way in 2022.Ā
Read more: Surveillance capitalism: How every ālikeā adds to your data for sale
2) No more auto opt-ins
They might be a hassle, but the āI consentā buttons are a good thing. They represent companies asking you permission to gather data for marketing activities. For GDPR compliance, they need to tell you what data they are taking and how they will use it. And for every consenting button, there is the option to deny data collection. The comfort of knowing that you are not being data-mined is well worth clicking a button or two.Ā
3) Improved employee privacy rights
The GDPR not only protects citizens’ rights as consumers but also as employees. In 2020, one company received a 35.3 million EUR fine for breaching the privacy of its employees. The company had created profiles of each staff member based on informal discussions and included everything from holiday activities to religious beliefs. They were shared with over 50 managers and used to inform HR decisions.
The GDPR defines this information as sensitive personal data. This is a special category of information that companies cannot process (Article 9). In fact, the GDPR is an upgrade from the 1995 EU Data Protection Directive. It sets a wider definition of personal data and grants employees more rights. No matter where the company is, it has to follow the GDPR as long as it has EU-based employees.
Read more: ExpressVPN survey reveals the extent of surveillance on the remote workforce
4) Increased awareness of data privacy
The launch of the GDPR came with press coverage and websites launching consenting buttons. At the same time, companies sent emails about privacy policy changes. All this happened at once, bringing data privacy into the public eye.Ā
According to a study from Cisco, 84% of people said they wanted more control over how their data gets used, and 48% have switched service providers because of their data-sharing practices.Ā
GDPRās negative impact
1) Loss of services, content, and innovation
Although the GDPR has improved privacy rights, it has made it harder to do business online. According to a recent Oxford study (pdf), this regulation resulted in an 8% drop in company profits and 2% drop in sales. Small tech businesses are being hit particularly hard, facing double the average decline.
GDPR compliance is seen as so onerous that some sites and services cut off the EU or shut down their services altogether. When it came into effect, over 1,000 US-based news sites blocked EU countries from access.Ā
There was a similar effect on the Google Play store. According to one study (pdf), the number of mobile apps dropped by a third after the GDPR was launched. Since then, the number of new apps has fallen by 47.2%.Ā
Read more: 20 tech giants could face stricter rules in the EU. Will this hurt innovation?
2) Fewer free services
What if Facebook or Twitter charged a monthly fee for their services? The GDPR makes it more difficult to justify offering free services. If youāre not paying for the service by cash, then youāre paying by watching ads or by providing data. And with the GDPRās consent requirements, gathering customer data has become harder.Ā
On top of that, companies also have to cover the costs of ensuring GDPR compliance. According to one report, 88% of companies spend more than 1 million USDāand 40% of companies spend more than 10 million USD. This makes it harder for companies to justify offering free services.
Read more: Would you trade your privacy for free apps? Some donāt have a choice
The future of GDPR
While there have been privacy laws before, the GDPR is the first one that led to companies worldwide restructuring to ensure compliance.Ā
At the same time, 14 non-EU countries have matched their privacy laws to the GDPR. The European Commission has granted these countries GDPR “adequacy,” which means they are recognized as having adequate data protection and can receive personal data from the EU without additional safeguards. As more companies and countries get on board, the GDPR is on its way to becoming a global standard of privacy.Ā
This year, the EU will launch an update to the 2002 ePrivacy Directive. This update includes a cookie provision that will reduce the number of āconsentā buttons. It will also ban spam and require marketing callers to reveal their phone numbers. Finally, it will improve confidentiality protection in instant messaging.
Moving forward, governments will face some interesting challenges in privacy legislation. One such challenge is blockchain. Although the GDPR encourages privacy by design, blockchains are the polar opposite: They are transparent by design, and this transparency is a key feature that makes them secure. Once entered into a blockchain, information is visible to all and cannot be erased. So much for the right to be forgotten. We look forward to seeing how governments will address this unique challenge.
Let us know your thoughts about GDPR in the comments!
Take the first step to protect yourself online
30-day money-back guarantee
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
Comments
So who are the benefactors of these hundred million dollar fines? How is that money distributed and to what end? Sounds like a handful of lawyers were able to syphon off the tits of tech. Good for them, where does that leave you and I? Less vulnerable online than before? Right, I feel safer already. Matter of fact I think there are a handful of hot videos in my spam folder that are obviously vetted and deserve a look. It’s a consolidation of information gathering, you can’t have a market full of info peddlers and thieves. The biggest thieves, I mean peddlers will ensure they control the market and your consumption is the only thing that matters. Compression š
Privacy and Profit: You know, it’s funny, not ha-ha-funny, but peculiar-funny. So many people have given their mouth to talking about more privacy, its importance, its value. People do not really understand what “privacy” means or even what it does in a healthy society versus what it does in a diseased society (many examples but they all include Russia, India, China, the Little Rocket-Man Country, and many others….what!?!? YOU MEAN “OUR COUNTRY TOO ?!?!”). So these people remain conflicted and confused.
Regarding financial matters it’s a different menu. Business and Governments have amply demonstrated to the world that just because they’re a Democracy, does not mean they can be trusted at all. For example, Many gullible fools in America were sleeping through their Psych-class. Given the world’s history, it seems that in a free democracy (hint: that means not America) might it possibly be a “HEALTHY” idea that financial matters be “transparent” as a kind of “guarantee” that “yes, I DID TOO PAY you for that bratwurst sandwich and a new Cadillac and the world knows it?ā That is a kind of solution to the perverse extension of dark money funding everything from state sanctioned murdering-engines to shoveling psychopaths into seats of power. And this is exactly where the disturbed personality goes off truth’s rails…right into that behavior that wants to remain anonymous while funding the terrorist bomb to blow up (the-hated)’s headquarters or conceal buying AR-15’s in quantity.
Hey, I’ve got an idea that will make us all billionaires! We’ll require (by law or corporate fiat) all financial transactions be blockchain recorded and then we’ll create this company, let’s see….we could call it, um…Giggle, who’d invent algorithms for mega-data mining and then we sell all that to people who’s main goal is, if not making profits by screwing customers, at least cut quality corners where the ear to lop-off is one to the heart and soul of what every kindergarten kid is taught America stands for. What did you say…? Itās already been done? Well, that was just the market.
But seriously, how do you think the real estate land title industry works? It’s paper and microfiche, and hard drives, but looky-that! Sure resembles a primitive kind of blockchain that helps keep thieves and con-men out, legitimate fools in. No complaint there. Correct?
Neither should there complaint be for property personal or real. That’s what a blockchain does. What a huge boon that could be in a Human-Community: making accounting an easy matter of record, so people spend their time on higher-value stuff like hundred-year planning to actually care for the planet and all our fellow passengers, to name only two.
So if thereās no social structure surreptitiously created to encourage dark money, dial-M for meat-head politician, then there’s a Human-Community tax on everything, like stop signs and traffic signals, it keeps an relationship for, if not respect, at least willing accord. GDPR is a kind of Human-Community tax on businesses that too easily operate as if they need to hide a back-room mafia running a secret shell game with your personal data. The back-room boys hate a Human-Community tax because they āloseā money reducing business and costs them compliance overhead to be up-front. Oh poor spoiled brat babies. Gee…that’s too bad. Grow up.
GDPR basically says “Either be up-front or go out of business.” If Vladimir Putin did that he’d be “out of business,” wouldn’t he?
So I celebrate the EU doing what America is too weak with vile dollar-lust to do in their pursuit of more profit. Business, business, business–all good, but too much of a good thing ruins your appetite and your health. I am talking to you America.
What the world needs now is profound love, heart, and soul and weāll not get that by winking the green light to dark money, bought-N-sold politicians, and psychopaths.
Since Iāve been using Express VPN, several times a week, I am prohibited from entering sites because I donāt allow cookies, tracking. If it is something I am extremely interested in, I bite the bullet and click on accept cookies. Very frustrating.
Please contact Support by live chat or email, and they might be able to troubleshoot the issue.