Daily Bulletin


The Conversation

  • Written by Claudio Bozzi, Lecturer in Law, Deakin University

You may have suddenly started receiving privacy updates from all the internet sites, apps and services you use. That’s because the European Union’s General Data Protection Regulation becomes law on May 25, 2018. It’s the clearest statement yet from any regulator on what consequences companies could face in dealing with their customers’ personal data.

The regulation has been introduced to counter the power and prevalence of data collection and online surveillance techniques. It contains strict new rules of data protection, and severe penalties for breaches.

The regulations apply to the data processing activities of any business that is a data processor (like US based Amazon Web Services or India based Habiledata) or data controller (like Ebay and Facebook) with an establishment in the EU.

It also applies to any processor or controller, wherever they are located, that is processing the personal data of EU residents. This is regardless of where that data is processed and is irrespective of whether payment is required.

By forcing non-EU companies to comply, the EU is ensuring that EU and non-EU businesses compete on the same terms.

How it will effect businesses

Australian businesses will not be forced to comply with or fall foul of the new data regulation merely because they maintain websites accessible in the EU. However, those with an office in the EU, or whose website is aimed at or tracks the data of EU residents, will be affected.

These include businesses with an EU footprint, for example retailer Harvey Norman operates in Ireland, Croatia and Slovenia. It also covers data processors in Australia whose business includes EU or EU based clients, and startups which trade globally.

Australian businesses may benefit from the fact that the new rules are consistent with the Australian Privacy Principles. Both promote transparency and accountability in information handling and require businesses to notify of any privacy breaches.

By contrast, businesses in countries where data handling requirements are less comprehensive (notably the US) will have to make changes to become compliant.

Nevertheless, the new EU law will impose new burdens on Australian businesses. For example, the EU laws specify encryption and pseudonymisation - where personally identifiable information is replaced by one or more pseudonyms - to ensure data is not identifiable.

The new EU law will also change the standard practices of online businesses by outlawing pre-ticked boxes, required consent and bundled consent. Businesses must now seek (in clear and plain language), and individuals must give, active, specific, free and informed consent to each purpose for which their data is collected.

The data law also require all businesses to demonstrate that they have procedures for notifying regulators and customers of data compromises: within 72 hours in the case of high risk breaches and without undue delay in all cases.

How it will effect consumers

The EU law includes new or enhanced rights for individuals. Many have no equivalents in other jurisdictions, including Australia.

People have a right to demand that businesses erase and cease disseminating personal information, and to halt its processing. However, this “right to be forgotten” is balanced against the public interest in the information remaining available.

The right to data portability in the legislation enables individuals to obtain personal information they have given by consent to one controller in a “structured, commonly used, machine-readable format” and transfer it to another. This will make it easier for customers to switch between businesses.

However these rights impose regulatory burdens on businesses. It may be technically and organisationally difficult without sophisticated and expensive data handling processes.

For businesses that rely on things like cloud backup and third party customer support, deleting or making copies of transferable data will be difficult.

The commercial value of data is such that some companies may simply try to avoid the consequences of the new EU laws by processing information outside the EU, and applying different standards of data protection to customers depending on their location. Facebook has done this.

On the other hand, given how complex double standards can be to apply in practice, they may simply make the EU rules the new normal of global privacy. In that case businesses should be using it as an opportunity to build more sustainable business models in the emerging era of respect for privacy.

Authors: Claudio Bozzi, Lecturer in Law, Deakin University

Read more http://theconversation.com/why-your-app-is-updating-its-privacy-settings-and-how-this-will-affect-businesses-95154

Writers Wanted

How To Find The Right Emergency Plumber Lismore

arrow_forward

Delivery rider deaths highlight need to make streets safer for everyone

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Business News

Nisbets’ Collab with The Lobby is Showing the Sexy Side of Hospitality Supply

Hospitality supply services might not immediately make you think ‘sexy’. But when a barkeep in a moodily lit bar holds up the perfectly formed juniper gin balloon or catches the light in the edg...

The Atticism - avatar The Atticism

Buy Instagram Followers And Likes Now

Do you like to buy followers on Instagram? Just give a simple Google search on the internet, and there will be an abounding of seeking outcomes full of businesses offering such services. But, th...

News Co - avatar News Co

Cybersecurity data means nothing to business leaders without context

Top business leaders are starting to realise the widespread impact a cyberattack can have on a business. Unfortunately, according to a study by Forrester Consulting commissioned by Tenable, some...

Scott McKinnel, ANZ Country Manager, Tenable - avatar Scott McKinnel, ANZ Country Manager, Tenable



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion