Daily BulletinDaily Bulletin

The Conversation

  • Written by Claudio Bozzi, Lecturer in Law, Deakin University

You may have suddenly started receiving privacy updates from all the internet sites, apps and services you use. That’s because the European Union’s General Data Protection Regulation becomes law on May 25, 2018. It’s the clearest statement yet from any regulator on what consequences companies could face in dealing with their customers’ personal data.

The regulation has been introduced to counter the power and prevalence of data collection and online surveillance techniques. It contains strict new rules of data protection, and severe penalties for breaches.

The regulations apply to the data processing activities of any business that is a data processor (like US based Amazon Web Services or India based Habiledata) or data controller (like Ebay and Facebook) with an establishment in the EU.

It also applies to any processor or controller, wherever they are located, that is processing the personal data of EU residents. This is regardless of where that data is processed and is irrespective of whether payment is required.

By forcing non-EU companies to comply, the EU is ensuring that EU and non-EU businesses compete on the same terms.

How it will effect businesses

Australian businesses will not be forced to comply with or fall foul of the new data regulation merely because they maintain websites accessible in the EU. However, those with an office in the EU, or whose website is aimed at or tracks the data of EU residents, will be affected.

These include businesses with an EU footprint, for example retailer Harvey Norman operates in Ireland, Croatia and Slovenia. It also covers data processors in Australia whose business includes EU or EU based clients, and startups which trade globally.

Australian businesses may benefit from the fact that the new rules are consistent with the Australian Privacy Principles. Both promote transparency and accountability in information handling and require businesses to notify of any privacy breaches.

By contrast, businesses in countries where data handling requirements are less comprehensive (notably the US) will have to make changes to become compliant.

Nevertheless, the new EU law will impose new burdens on Australian businesses. For example, the EU laws specify encryption and pseudonymisation - where personally identifiable information is replaced by one or more pseudonyms - to ensure data is not identifiable.

The new EU law will also change the standard practices of online businesses by outlawing pre-ticked boxes, required consent and bundled consent. Businesses must now seek (in clear and plain language), and individuals must give, active, specific, free and informed consent to each purpose for which their data is collected.

The data law also require all businesses to demonstrate that they have procedures for notifying regulators and customers of data compromises: within 72 hours in the case of high risk breaches and without undue delay in all cases.

How it will effect consumers

The EU law includes new or enhanced rights for individuals. Many have no equivalents in other jurisdictions, including Australia.

People have a right to demand that businesses erase and cease disseminating personal information, and to halt its processing. However, this “right to be forgotten” is balanced against the public interest in the information remaining available.

The right to data portability in the legislation enables individuals to obtain personal information they have given by consent to one controller in a “structured, commonly used, machine-readable format” and transfer it to another. This will make it easier for customers to switch between businesses.

However these rights impose regulatory burdens on businesses. It may be technically and organisationally difficult without sophisticated and expensive data handling processes.

For businesses that rely on things like cloud backup and third party customer support, deleting or making copies of transferable data will be difficult.

The commercial value of data is such that some companies may simply try to avoid the consequences of the new EU laws by processing information outside the EU, and applying different standards of data protection to customers depending on their location. Facebook has done this.

On the other hand, given how complex double standards can be to apply in practice, they may simply make the EU rules the new normal of global privacy. In that case businesses should be using it as an opportunity to build more sustainable business models in the emerging era of respect for privacy.

Authors: Claudio Bozzi, Lecturer in Law, Deakin University

Read more http://theconversation.com/why-your-app-is-updating-its-privacy-settings-and-how-this-will-affect-businesses-95154

These historic grasslands are becoming a weed-choked waste. It could be one of the world's great parks


'No one would even know if I had died in my room': coronavirus leaves international students in dire straits


The Conversation


Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Prime Minister National Cabinet Statement

The National Cabinet met today to discuss Australia’s COVID-19 response, the Victoria outbreak, easing restrictions, helping Australians prepare to go back to work in a COVID-safe environment an...

Scott Morrison - avatar Scott Morrison

Business News

Link Building Secrets - Comprehensive Guide

Link building has proven to be an effective approach when it comes to promoting your online website. Let's analyze the topic of developing an effective link building strategy for site promotion ...

Julia Smith - avatar Julia Smith

What to Expect from Your NDIS Verification & Certification Audit

The National Disability Insurance Agency administers NDIS (National Disability Insurance Scheme) in Australia. The NDIS Quality and Safeguards Commission governs it. As a welfare support scheme of...

Sarah Williams - avatar Sarah Williams

Why You May Need A Tower Scaffold Hire

When constructing a building, or even a multilevel structure, you must use a tower scaffold to get you into position. What is unique about this type of scaffolding is that you can build it highe...

News Company - avatar News Company

News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion