The most talked about day of the last two years is almost upon us. The European General Data Protection Regulation (GDPR) will come into force tomorrow, promising much stronger rights and safeguards for users’ personal data. For now, the main effect it has had has been, paradoxically, to irritate the very people it is supposed to protect, due to the deluge of emails we have all received from companies seeking fresh consent.
Are DPAs ready for the consistent approach required by GDPR?
Among the significant changes it will bring about, the GDPR includes detailed rules for Data Protection Authorities to adopt consistent approaches and interact more regularly and effectively with one another. To this end, the newly founded European Data Protection Board will play a key role in overseeing the consistency mechanism created by GDPR. Assembly’s research shows there are still striking differences in funding and staff across DPAs.
How are European data protection authorities approaching GDPR?
The entry into force of GDPR is now imminent. Assembly’s Privacy and Data Protection Tracker has analysed and compared the approach taken by Data Protection Authorities in various countries, to prepare businesses for the new regulation. Differences in approaches across countries remain, although the pan-European nature of GDPR means companies can find useful insight in the activity of all DPAs across the EU.
Where next for the regulation of Facebook?
After the emergence of large-scale data breaches on Facebook’s platform, CEO Mark Zuckerberg accepted to appear before the respective parliamentary committees of the US Senate and Congress. The hearings highlighted that US politicians are now turning their attention to social media platforms, but have no coherent plan (and unclear intentions) on the measures to adopt. At the same time, there are clear indications that the EU’s GDPR will become a benchmark for data privacy worldwide.
Facebook’s privacy practices will now face thorough scrutiny
What started as criticism for not doing enough to spread disinformation online is now quickly escalating into inquiries about the way in which Facebook allows third parties to access its users’ data. Allegations that Facebook’s data have been misleadingly obtained, and used to profile approximately 50m users to run targeted political campaigns, have now prompted the Federal Trade Commission (FTC) to investigate the company’s privacy practices.
The EC’s Digital Tax faces a long road ahead
The European Commission has today launched a new proposal to adapt the taxation system of the digital economy, in which value is created in countries where a business does not have a physical presence. The EC proposes to introduce a taxable “digital presence”, fulfilling one of three criteria (at least €7m turnover per year in an EU country; more than 100,000 users in a member state in a year; or more than 3,000 business contracts in a state in a year). It also proposes an “interim tax”, which will apply to revenues created from online advertising.
Tech companies should take down illegal content in one hour
The European Commission issued today a set of “operational measures” to tackle illegal content online. This also includes terrorist content and hate speech. Tech companies are recommended to follow a “one-hour-rule” to take down terrorist content and to implement faster detection systems, including automated ones. Tools should also be shared with smaller companies. Businesses will have to submit information to the EC about their compliance with this Recommendation within three months.
European Commission still unclear on how to tackle fake news
On 27 February 2018, the European Commission held the second multi-stakeholder meeting on the problem of fake news. The meeting is part of a series of events, and of a comprehensive initiative the EC is taking to address the issue. During the event, it was clear that the EC’s position is still far from being defined. On the other hand, the advertising industry is advocating for light-touch regulation and is defending its own ability to enforce self-regulation.
Policymakers turn their attention to fake news, hate speech and addiction
Tomorrow, the European Commission will host a colloquium in Brussels on the issue of “fake news”, which will see the participation of experts and industry representatives. This is very likely another step toward legislative intervention, which could come in the form of a Recommendation from the EC.
Consumer protection rules get stronger for big tech across the EU
In February 2018, the European Commission issued a statement outlining the progress made by the three main social media platforms (Facebook, Twitter, and Google+) toward improving consumer protection, based on the requirements it made in March 2017. The EC found that Facebook and, to some extent, Twitter, still have work to do to fulfil the requirements. The EC’s strengthened approach to consumer protection in online platforms is a further example of the increased regulatory scrutiny on tech companies. It also shows how the rules of the countries where their users are will prevail over those of the company’s establishment, in line with the principles set out in the General Data Protection Regulation.
