How Data Privacy-Minded Americans Can Prepare for GDPR

If you’re a subscriber to email newsletters, you’ve probably received a barrage of updates regarding GDPR and how your data will be used going forward. Tomorrow, May 25, 2018, these new European Union (EU) rules pertaining to data collection go into effect. Some forecasters have predicted doom and gloom, and they aren’t entirely off-mark. The public debate over GDPR has been nothing short of confusing.

What does this mean for Americans? How are we affected? Does this actually promote privacy, or does it still allow government(s) to keep close tabs on you? This is interesting timing given the aftermath of the Facebook-Cambridge Analytica “scandal.”

(If you haven’t downloaded your Facebook data yet, I explain the process here.)

Here’s a message I sent out to my newsletter subscribers about the subject matter:

Hi _______,

I appreciate you subscribing to my weekly newsletter! Whether you are a longtime subscriber or a new one, I greatly appreciate your willingness to allow my newsletter to land in your Inbox every Monday morning.

I’m writing to you today about the European Union’s Global Data Protection Regulation (GDPR) changes slated to go into effect this Friday, May 25, 2018. (More on GDPR here.) Although we in the U.S. aren’t regulated by the E.U., marketers who deal with Europe or have some interaction with people there are required to modify their email forms to comply with these new standards.

While I have some issues with the GDPR, I want to ensure I comply with the new rules with respect to data privacy. I haven’t and don’t plan to use your emails for purposes other than this newsletter. It wouldn’t be within my right nor do I believe violating privacy is the way to go. 

As a favor to me, let me know if you’re still interested in receiving my weekly updates. If you’d like to continue hearing from me, please update your subscription settings below.

Happy trails, everyone!
Kind regards, 

Gabriella Hoffman
Media Strategist & Consultant

GDPR Explained and Why It Affects Us in the U.S.

GDPR stands for General Data Protection Regulation. It was approved by the European Union in 2016, and will go into effect May 25, 2018. It amends a previous EU privacy directive called Directive 95/46/EC (the “Directive”). This previous standard has been law since 1995.

MailChimp describes GDPR as a “binding act, which must be followed in its entirety throughout the EU.” Their GDPR guide adds it’s an “attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It will have a significant impact on businesses around the world.”

Hmmm. A Verge article describes GDPR as the following: “GDPR is an ambitious set of rules spanning from requirements to notify regulators about data breaches (within 72 hours, no less) to transparency for users about what data is being collected and why.”

GDPR will emphasize stricter provisions related to consent and processing requirements, as well.

Now that it’s a bit clearer as to what this law is, how the heck does it affect us here in the U.S.?

Major takeaway: If you are simply collecting an email that belongs to someone who resides in the EU, GDPR applies to you.

Per that aforementioned MailChimp report, this law will impact “(1) all organizations established in the EU, and (2) all organizations involved in processing personal data of EU citizens. The latter is the GDPR’s introduction of the principle of “extraterritoriality”; meaning, the GDPR will apply to any organization processing personal data of EU citizens—regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world, and all organizations should perform an analysis to determine whether or not they are processing the personal data of EU citizens. The GDPR also applies across all industries and sectors.”

The second provision should be noted, as its reach could exceed its intended scope. We won’t know what the rules will look like in practice until they are enacted.

What These New Rules Look Like

Nobody is prepared for these GDPR rules, whether businesses or the EU regulators. Will it adversely affect businesses, or do what it actually sets out to do? Given the EU’s track record (it’s a bureaucratic monstrosity, after all), we should expect the worst or, at minimum, have a dim view of GDPR.

I’d like to be proven wrong.

The Concerns Americans Should Have About GDPR

If companies that do business with the EU fail to comply with these new standards, there could be fines imposed by regulators. One idea that has been thrown around is fining violators of the new rules a share akin to 4 percent of a company’s global revenues or a penalty equal to 20 million Euros. Yikes! That’s obtuse and obscene. If a small business whose net worth isn’t in the millions breaches GDPR rules, its operations could be shut down. Think about scenarios like that.

Peter Thiel, PayPal co-founder and conservative tech leader in Silicon Valley, said Europe’s dabbling with GDPR is out of jealousy to punish countries like ours. Thiel made the following remarks in March:

“The good reasons are these privacy concerns and the bad reasons are there are no successful tech companies in Europe and they are jealous of the US so they are punishing us,” he said at the Economic Club of New York on Thursday.

Thiel acknowledged that “privacy in a digital era deserves to be rethought” but said that “as a libertarian I always dislike regulation”.

Moreover, some major companies like Google that say they plan to comply with GDPR are hypocritical, in the minds of publishers. Per Ad Age:

But some publishing executives say Google’s public statements don’t match its actions, arguing that the company is really using its dominance in the digital ad ecosystem to improve its advantage while giving publishers the short end of the stick.

Last month, some prominent conservative groups were approached by Facebook to sit down about the implications of GDPR here in the U.S. While the intentions outlined above seem noble, don’t turn a blind eye to some of the issues surrounding GDPR.

There is no doubt the methods by which data is collected, whether by government or private entities for nefarious reasons, concern us here in the States. (As they should.) However, can we put our confidence in an entity like the E.U. to safeguard people’s information, especially in the fashion they’ve laid out? That remains to be seen. It’ll be interesting to see what transpires after this is implemented. This American is cautiously pessimistic….
