Europe’s Data Regulators Set to Enforce New Powers - http://ezmoneyonlinefromhome.com | how to make money online

May 24, 2018 10:02 pm
Categorised in:

BRUSSELS—Europe’s data-protection regulators are preparing to brandish their new enforcement powers shortly after the bloc’s new privacy law, known as the GDPR, enters into force Friday.

The European Union’s General Data Protection Regulation foresees steep fines for companies that don’t comply with the new rules, aimed at giving Europe-based users more control over the data companies hold on them.

Companies are unlikely to be blindsided with harsh penalties on Friday, because the rules don’t apply retroactively. And any cases will take time for privacy regulators to investigate. But sanctions for violations are likely to come soon, the EU’s top privacy regulator warned.

“I’m sure you won’t have to wait for a couple of months,” said Andrea Jelinek, about when the first fines could land. On Friday, Ms. Jelinek is expected to be voted in as the head of a new European Data Protection Board, which includes national data-protection regulators from each of the EU’s 28 member countries.

As of Friday, firms that violate the EU’s privacy rules risk fines as high as 4% of their global revenue.

Companies will be required under the GDPR to report data breaches within several days. In addition, companies will often need to obtain users’ consent to process their personal information. Customers will have the right to see what data companies hold on them and can request for some to be deleted. Companies are responsible for showing they are complying with obligations.

Firms of all sizes have been racing to overhaul their systems in time for the deadline to show that the way they gather and handle information about Europeans follows the rules.

Speaking at a press briefing, Ms. Jelinek said companies should have had plenty of time to comply with the new law, given that the regulation was adopted in 2016. Lawmakers delayed the law’s implementation by two years to give the companies that time. “The situation isn’t new,” she said.

Aggressive potential penalties are likely to affect some business decisions. Large enterprises acquiring small startups that use personal data might decide against launching a service in Europe, out of concern that the startup could expose the parent to a fine based on the entire enterprise’s revenue.

“If I could choose between [launching a data-related business] in Paris and in New York…I’m going to at least advise the business people to do it in New York,” said David Hoffman, global privacy officer at Intel Corp.

GDPR arrives as Facebook Inc. is still struggling to contain the fallout from revelations that data-analytics firm Cambridge Analytica improperly obtained the personal information of as many as 87 million users of the social network.

Facebook CEO Mark Zuckerberg visited European Parliament on May 22 to answer questions about the scandal, which EU officials say only reconfirmed the need for the new privacy rules and helped promote the legislation to the broader public.

The EU’s national privacy regulators, who are each also in charge of tasks like authorizing firms’ data transfers abroad, are unlikely to have the bandwidth to crack down on large numbers of companies across different sectors. Tech companies that profit from users’ data are therefore likely to be prime targets, said EU Justice Commissioner Vera Jourova. The data-protection authority of Ireland has said it would prioritize cases where large numbers of users’ data is processed, which it considers higher-risk.

One still-unsettled question is exactly what data companies can collect. Companies are arguing that certain types of information are necessary to fulfill a contract with the user; meanwhile, activists are planning to challenge some large companies over that question.

Dale Sunderland, deputy commissioner at Ireland’s privacy regulator, said the agency was leading a group of data-protection authorities who are investigating that particular issue. He said he expects the EU’s privacy regulators to publish a paper on the topic in the fall.

“We believe that we collectively need to look into and address this matter to provide clarity for the use of contractual necessity for free online services,” Mr. Sunderland said.

On Thursday, Facebook’s Mr. Zuckerberg told a tech conference that his company has worked hard to comply with the GDPR, including by asking users to opt-in to see targeted ads on Facebook based on their use of other websites and apps.

“The vast majority of people choose to opt in,” Mr. Zuckerberg said, “because the reality is, if you’re going to see ads on a service, you want them to be relevant and good ads.”

Companies aren’t the only ones scrambling to get into shape with the new law. The European Commission, the bloc’s executive body, said eight countries including Belgium, Bulgaria and Hungary were late in implementing the necessary national legislation for GDPR. The commission can launch court proceedings against any member state that fails to implement EU legislation.

Regulatory agencies in other countries worry they are under-resourced for the workload expected to come down the pipeline, Ms. Jourova, the justice commissioner, said.

Asked about the issue of resources, the data-protection board’s Ms. Jelinek said, “We will try to do our best and we will act in a very professional way.”

Write to Natalia Drozdiak at natalia.drozdiak@wsj.com and Sam Schechner at sam.schechner@wsj.com


Related Posts