A. Facebook’s recent and well-documented issues with protecting the personal information of its users prompted the company to announce that it was changing some of its practices and redesigning its privacy settings to make them easier for its users to find and understand. But certain changes were already in the works for Facebook — and many other online services — because of strict new data privacy rules taking effect next month in Europe.
The European Union’s General Data Protection Regulation (G.D.P.R.) goes into effect on May 25 and is meant to ensure a common set of data rights in the European Union. It requires organizations to notify users as soon as possible of high-risk data breaches that could personally affect them. It also gives citizens the right to obtain copies of the data companies have compiled about them and codifies their right, under certain circumstances, to have their personal data erased (also known as the “right to be forgotten”).
The law also dictates that when a company asks a consumer to give consent to use his or her personal information, those user agreements and other dense legal forms people tend to click past “should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms.” The age of consent itself is set at 16 years.
The G.D.P.R. applies stiff financial penalties for those who do not comply, and American companies handling the data of E.U. citizens must also follow the rules. Many online services have customers worldwide, and are updating their privacy policies and terms of service to factor in these new European rules — which is mainly why you are seeing so many notifications.
Personal Tech invites questions about computer-based technology to email@example.com. This column will answer questions of general interest, but letters cannot be answered individually.