The European Union has proposed a new data protection law, which can have potential policy ramification across the world.
Notably, the law seeks to prevent the export of personal data outside EU.
What is the EU law about?
General Data Protection Regulation (GDPR) was introduced by the EU recently and it is expected to harmonise data laws across EU member counties.
GDPR ensures data protection and privacy for all those living within the EU, and also prevents the export of personal data outside its territories.
It deals with three primary areas: personal data collection, its use, and design privacy - although what constitutes personal data remains a little ambiguous.
The law demands that clear consent is to be sought from the concerned person to use personal data after providing sufficient information on the same.
GDPR changes are expected to drastically alter the landscape for most Internet companies, which are fuelled in every sense by the data of users.
Notably, their entire business model of the internet big-wings is based on small bits of data they collect from users.
What are the likely implications?
A lot of data is offered voluntarily by users, but often, they are not fully aware of what data they are creating, what they are transmitting, and how it is used.
The explicit consent requirement under GDPR hence expected to reduce the volume of data transmitted.
While the overall implications are still under study, experts vouch that the effective functionality of some internet services might get affected.
GDPR is also likely to bar a lot of Internet services for those under age 16 and also curtail the unsolicited marketing emails.
How does the future look?
While Facebook has stated that it would comply with GDPR within the stated deadline of May 25th, most other internet biggies seem under prepared.
This could result in a spate of litigations in the coming days.
The Worry - “Right of Access” clause that is expected to worry companies the most, as this will make data collection extremely transparent.
The clause provides for users to demand internet companies to display all information related to them, which is in the company’s procession.
This can be followed through with requests for correction or even erasure, which might affect their business and also prove to be a compliance nightmare.
Default Standard - The European data protection standards might end up becoming the default for the rest of the world, even without clear enactments.
Notably, Microsoft announced that it would implement GDPR standards to all its customers worldwide, a move to get its backend infrastructure streamlined.
If more companies follow suit, it will be good for consumers in countries like India, where user data is still up for grabs for the highest bidder.
