Daily Bulletin

The Conversation

  • Written by Claudio Bozzi, Lecturer in Law, Deakin University

You may have suddenly started receiving privacy updates from all the internet sites, apps and services you use. That’s because the European Union’s General Data Protection Regulation becomes law on May 25, 2018. It’s the clearest statement yet from any regulator on what consequences companies could face in dealing with their customers’ personal data.

The regulation has been introduced to counter the power and prevalence of data collection and online surveillance techniques. It contains strict new rules of data protection, and severe penalties for breaches.

The regulations apply to the data processing activities of any business that is a data processor (like US based Amazon Web Services or India based Habiledata) or data controller (like Ebay and Facebook) with an establishment in the EU.

It also applies to any processor or controller, wherever they are located, that is processing the personal data of EU residents. This is regardless of where that data is processed and is irrespective of whether payment is required.

By forcing non-EU companies to comply, the EU is ensuring that EU and non-EU businesses compete on the same terms.

How it will effect businesses

Australian businesses will not be forced to comply with or fall foul of the new data regulation merely because they maintain websites accessible in the EU. However, those with an office in the EU, or whose website is aimed at or tracks the data of EU residents, will be affected.

These include businesses with an EU footprint, for example retailer Harvey Norman operates in Ireland, Croatia and Slovenia. It also covers data processors in Australia whose business includes EU or EU based clients, and startups which trade globally.

Australian businesses may benefit from the fact that the new rules are consistent with the Australian Privacy Principles. Both promote transparency and accountability in information handling and require businesses to notify of any privacy breaches.

By contrast, businesses in countries where data handling requirements are less comprehensive (notably the US) will have to make changes to become compliant.

Nevertheless, the new EU law will impose new burdens on Australian businesses. For example, the EU laws specify encryption and pseudonymisation - where personally identifiable information is replaced by one or more pseudonyms - to ensure data is not identifiable.

The new EU law will also change the standard practices of online businesses by outlawing pre-ticked boxes, required consent and bundled consent. Businesses must now seek (in clear and plain language), and individuals must give, active, specific, free and informed consent to each purpose for which their data is collected.

The data law also require all businesses to demonstrate that they have procedures for notifying regulators and customers of data compromises: within 72 hours in the case of high risk breaches and without undue delay in all cases.

How it will effect consumers

The EU law includes new or enhanced rights for individuals. Many have no equivalents in other jurisdictions, including Australia.

People have a right to demand that businesses erase and cease disseminating personal information, and to halt its processing. However, this “right to be forgotten” is balanced against the public interest in the information remaining available.

The right to data portability in the legislation enables individuals to obtain personal information they have given by consent to one controller in a “structured, commonly used, machine-readable format” and transfer it to another. This will make it easier for customers to switch between businesses.

However these rights impose regulatory burdens on businesses. It may be technically and organisationally difficult without sophisticated and expensive data handling processes.

For businesses that rely on things like cloud backup and third party customer support, deleting or making copies of transferable data will be difficult.

The commercial value of data is such that some companies may simply try to avoid the consequences of the new EU laws by processing information outside the EU, and applying different standards of data protection to customers depending on their location. Facebook has done this.

On the other hand, given how complex double standards can be to apply in practice, they may simply make the EU rules the new normal of global privacy. In that case businesses should be using it as an opportunity to build more sustainable business models in the emerging era of respect for privacy.

Authors: Claudio Bozzi, Lecturer in Law, Deakin University

Read more http://theconversation.com/why-your-app-is-updating-its-privacy-settings-and-how-this-will-affect-businesses-95154

Writers Wanted

Why a carbon price alone won't be enough to drive down New Zealand's emissions


At last, health, aged care and quarantine workers get the right masks to protect against airborne coronavirus


NZ’s clean car discount is a turn in the right direction, but how much will it drive consumer demand?


The Conversation


Prime Minister interview with Karl Stefanovic and Allison Langdon

Karl Stefanovic: PM, good morning to you. Do you have blood on your hands?   PRIME MINISTER: No, it's obviously absurd. What we're doing here is we've got a temporary pause in place because we'v...

Karl Stefanovic and Allison Langdon - avatar Karl Stefanovic and Allison Langdon

Prime Minister Scott Morrison delivered Keynote Address at AFR Business Summit

Well, thank you all for the opportunity to come and be with you here today. Can I also acknowledge the Gadigal people, the Eora Nation, the elders past and present and future. Can I also acknowled...

Scott Morrison - avatar Scott Morrison

Morrison Government commits record $9B to social security safety net

The Morrison Government is enhancing our social security safety net by increasing support for unemployed Australians while strengthening their obligations to search for work.   From March the ...

Scott Morrison - avatar Scott Morrison

Business News

Boom in Aussies buying up restaurants, pubs, hotels and bars in regional centres

With international borders closed, regional Australia is seeing a dramatic surge in popularity as people move out of the cities and into their quaint communities. City slickers are looking for new...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

5 Signs Your Business Needs Onboarding Software

Onboarding software is the technology that automates a smooth transition for new hires from before the interview to the first day on the job. High-quality onboarding platforms feature a digital da...

Onboarded - avatar Onboarded

What Is COVID 19 Risk Assessment for Vulnerable Workers and Why Your Business Needs it

During the height of the COVID-19 pandemic, governments strongly advised people to just stay at home as a critical effort to stop the spread of the virus. This led to many businesses temporarily s...

NewsServices.com - avatar NewsServices.com