The European Union’s new General Data Protection Regulation is slated to go into effect on Friday, May 25.
The GDPR represent the most massive change to data security in the EU in decades. It implements a large set of changes to how data is regulated. For one, companies operating in the EU must notify regulators of any data breaches within 72 hours. Firms must also be much more transparent about the kind of data they collect — and why. It also implements a “right to be forgotten.”
But even if you aren’t in Europe, the new set of rules will likely bring about some big changes.
While GDPR rules won’t apply to people who aren’t EU residents, foreign websites, companies and platforms will need to update their practices to avoid running afoul of the regulations. That includes U.S.-based juggernauts like Google, Apple and Facebook.
While some companies have taken to applying the new set of standards more broadly, others have been more hesitant. One of the new rules that GDPR implements is the right for EU consumers to request a copy of the data a firm collects on them.
Like other large technology companies, Apple is moving to change its platforms to comply with GDPR. It’s launched a new privacy Apple ID website that easily lets EU users review the data that the Cupertino tech giant has collected.
But Apple says it will bring that same privacy platform to users outside of the EU “in the coming months.”
Facebook, on the other hand, is going to be implementing similar GDPR-compliant regulations. But according to CNN, it may “slightly” alter those platforms in the U.S. and other countries.
TechCrunch points out that, while Facebook says it will make the same privacy “controls and settings” available across the globe, it doesn’t mean that GDPR “principles” will be applied everywhere. But even then, GDPR is “staggeringly complex.” And most experts agree that the majority of companies won’t be 100 percent compliant by the time it goes into effect this week.
There’s also the possibility that the much stricter GDPR regulations will become the standard best practices for technology and internet firms. That might be more likely due to the fact that these firms will need to create those platforms and infrastructure, anyway.
So while Americans won’t necessarily have the legal right to demand or delete data that firms collect, it’s likely that there will be some sort of “spillover” effect in the coming years. What that looks like exactly remains to be seen.