Special Briefing: Europe’s New Privacy Regime

Special Briefing: Europe’s New Privacy Regime

By OZY Editors


The flood of privacy notices you received last week in your inbox could signal a shift in how internet privacy works.

By OZY Editors

This is an OZY Special Briefing, an extension of the Presidential Daily Brief. The Special Briefing tells you what you need to know about an important issue, individual or story that is making news. Each one serves up an interesting selection of facts, opinions, images and videos in order to catch you up and vault you ahead.


You’re announcing what? With subject lines like “Announcing updates to our privacy policy,” a surge in privacy notices flooded inboxes last week as many tech companies scrambled to update their terms and conditions before the General Data Protection Regulation, or GDPR, took effect on May 25. The new European Union data privacy law, which passed in 2016, compels firms that gather user data to allow those users to see, as well as opt to delete, the information that’s been collected — or face fines of up to $23.5 million, or 4 percent of a company’s revenue. It’s called “privacy by default,” and the way European officials see things, it’s a basic human right.

Gettyimages 942733706

Facebook and Google have already been sued by Austrian privacy activist Max Schrems for a combined $8.8 billion on the law’s first day.

Source Richard Atrero de Guzman/Getty

Why does it matter? Although it’s a piece of European legislation, the GDPR’s consequences will be felt worldwide. In an increasingly globalized world, where U.S.-based companies regularly operate inside the EU, it’s easier for major firms to adopt blanket policies across regions. That means American users — at least two-thirds of whom want stricter privacy policies — will also reap the benefits of the new regulations.



It’s about time … The European Parliament’s approval of the GDPR in 2016 was the first time since 1995 that privacy guidelines in the EU — which has traditionally been tougher on personal data collection — had been adjusted.

… and it’s time to get in line. The new regulations can potentially hit anyone in the European Union that uses data collection in their business model. Facebook and Google have already been sued by Austrian privacy activist Max Schrems for a combined $8.8 billion on the law’s first day. But they’ll be fine. Smaller companies will find it harder to comply without the ability to either cough up, or fight, a fine. For example, analytics firm Klout, marketing tech agency Drawbridge and mobile marketer Verve have all decided to leave Europe or close.

Gettyimages 856983068

Max Schrems leaves the High Court in Dublin.

Source Brian Lawless/Getty

That’s not all. Little-known data-broker companies that sell large data sets of personal information will also be in the crosshairs of regulators. In fact, compliance issues could impact any firm that stores personal data — that means car companies, banks and health care providers. Time will tell where regulators focus their attention and how much companies can get away with.

And there’s more to come. Email boxes will still be full when Europe’s next internet privacy battle is waged. The ePrivacy Regulation law, approved by the European Parliament and under review by the Council of the European Union, would require companies that provide private electronic communication like Skype and WhatsApp to obtain people’s explicit permission before collecting data about their communications. Industry groups have had a massive lobbying campaign against the law and warn it could cost businesses about $640 billion annually.

The light side of heavy regulation. With its 88 pages of legalese and technical-speak, the GDPR isn’t exactly easy reading — yet still, it’s fueled a flood of memes, tweets and more poking fun at the bureaucracy it represents. Rian Johnson, the director of The Last Jedi,tweeted out a parody of the Star Wars opening credits with lines like “We have updated our GLOBAL PRIVACY TERMS.” A Spotify GDPR playlist with tunes like “What’s Your Name?” even became a viral sensation.


Europe’s New Privacy Law Will Change the Web, and More, by Nitasha Tiku at Wired

“In short, the law is a chance to flip the economics of the industry. Since the dawn of the commercial web, companies have been financially incentivized to hoover up data and monetize later. Now, EU consumers will have the freedom to opt in, rather than the burden of opting out.”

The GDPR and Our Balkanized Internet, by Jeff John Roberts in Fortune

“Just as the Ottoman Empire and Yugoslavia fractured into a series of smaller states, the same thing is happening to what we once dubbed the ‘world wide web.’” 


GDPR: Why You Just Got Bombarded With Privacy Policy Updates

“GDPR’s idea of consent is a lot more intense than previous regulation, so companies have to ask for permission more often.”

Watch on The Verge on YouTube

Comedian John Oliver on the Right to Be Forgotten

“Nothing you are embarrassed of on the internet is ever going away.”

Watch on Last Week Tonight With John Oliver on YouTube


Blockchained. Is the blockchain technology that powers Bitcoin transactions compatible with Europe’s new privacy rules? The new regulation appears difficult to square with the technology, because if one were to modify data from one block, it would affect all subsequent blocks in the chain. But new blockchain projects are researching how — or if — they could design their products to be GDPR-compliant.