GDPR

privacy notice - Introduction

Almost everybody who uses an online service or app that handles their data has been getting a flood of emails advising of privacy-policy changes. And it's not in the U.S. behind the tech industry's recent flurry of updates. Instead, the European Union has been driving these changes with a sweeping set of privacy rules that will go into effect May 25 - and which are also yielding benefits on this side of the Atlantic. The EU's General Data Protection Regulation (GDPR) will require compnaies that handle the data of EU residents to provide them with far more control over that data. Among the key provisions of this roughly 54,000-word document:

# Companis have to obtain users' permisssion in much more detail before using their information for marketing or advertising.

# They have to let users inspect the data they've collected and correct it on request - then delete it when it's no longer needed.

# They must allow users to download their data in a format they can then take to a competing service - what's called data portability.

# People can challenge algorithmic decisions that effect them sihnificantly and ask that humans instead.

The GDPR says nothing about how companies treat customers in other countries. But many U.S. firms that have had a rewrite privacy policies for Europe to avoid fines that could cost them billions of dollars are carrying over these changes to the Staes for simplicity. THat has privacy advocates pleasantly surprised.

Indeed, many GDPR-driven privacy-policy rewrites take more care to describe how a compnay handels your data and offer clearer opt-outs to some of those uses. Another frequent change: simpler interface to adjust these settings, such as the revised privacy center e.g. Facebook will soon ship. But for American users, the GDPR's greatest gift is data-portability mandate. When you can take your data and your business elsewhere, you have much more leverage as a customer.

Recently Instagram added an option to download your data, finally catching up to the data-export feature its corporate parent Facebook rolled out in 2010. Apple added its own data-portablility feature as part of a round of GDPR-driven changes. Expect more changes such as this.