Big Tech’s Big Scramble

EU’s General Data Protection Regulation Looms


For Internet companies and app providers whose business models depend on consumer data, things are soon going to change in Europe. The EU’s General Data Protection Regulation (GDPR) will go into effect on 25 May 2018, in many ways bringing about the biggest overhaul of personal data privacy rules since the birth of the Internet.

Internet companies will no longer be able to collect or share user data unless they provide the people affected with a clear, simple explanation of how they will process this information. Data collection will need to work on an opt-in basis only, so companies must get consent from users to collect.

Despite having had years to adapt to this rule, technology companies generally haven’t been conforming to it, instead tacitly betting that if everyone failed to comply, the European Commission wouldn’t know where to launch its enforcement action.

Under the GDPR, companies will need to report data breaches within 72 hours and to let customers export their data and delete it. The regime drastically raises the level of fines for organisations found to be in violation of the data protection law, potentially rising as high as 4 percent of global annual turnover or €20 million, whichever is higher.

Many businesses have overhauled how they give users access to their own privacy settings and some have redesigned certain products that collect too much user data. In a few cases, companies have removed offerings entirely from the European market because they would violate the new privacy regulation.

The biggest tech giants affected by the GDPR, Amazon, Apple, Facebook, Google and Microsoft, are each preparing for the EU’s stringent rule changes in their own way. Google, for example, has started letting people around the world choose what data they want to share with its various products, including Gmail and Google Docs. Amazon recently began improving the data encryption on its cloud storage service and simplified an agreement with customers over how it processes their information.

Facebook rolled out a new global data privacy centre, a single page where users can decide who sees their posts and what type of ads they’re served. The social network is also launching a campaign to teach users to protect their data, and for the first time publicly shared its “privacy principles”, a set of broad ideas that govern the company’s thinking about data protection.

Microsoft is introducing a new page for users to manage their privacy settings, called Windows Diagnostic Data Viewer. The tool will let Windows 10 users access diagnostic data about their account stored in Microsoft’s cloud, make changes to this data, export it, and delete specific items. The dashboard will also allow them to adjust privacy settings on their devices.

In all likelihood, smaller businesses will follow the lead of the bigger tech players to see how they adjust to the GDPR. The new regime will have large effects in the Internet of things systems, for the connected home, wearables, smart cities and industrial systems. It could be a taste of things to come in other regions as well.

We expect more countries to impose rules as consumer data becomes a type of global currency among companies.