As citizens of Britain and Europe, we’re the lucky ones. In the aftershock of the Cambridge Analytica data scandal, it’s come to light that Facebook is excluding billions of its users from European privacy laws.
It’s a move widely interpreted as avoidance of the upcoming, tougher General Data Protection Regulation (GDPR): Facebook has moved 1.5 billion users from the sanctity of its Ireland international headquarters to the US.
This will affect more than 70% of its two billion users, who will no longer be protected under the GDPR when it comes into play on 25th May 2018. For the rest of us 370 million Facebook users in Europe, we may feel we have the luck of the Irish in comparison.
But do we really? Does the GDPR go far enough to protect data privacy against the Facebooks, Googles and Cambridge Analyticas of the world?
The Facebook scandal spurred much praise for the GDPR which, as the most lobbied piece of EU legislation ever with 3,999 amendments, is a mighty turnaround. However, the European Parliament on 18th April 2018 warned that the GDPR is just the beginning and won’t be enough to rein in the big tech companies.
With the GDPR safely put to bed, MEPs are now in tense discussions over the next big data privacy law coming our way: the ePrivacy bill. This will replace the ePrivacy Directive 2012, which is now widely considered ineffective.
What is the ePrivacy Regulation?
The EU ePrivacy Regulation broadens the scope of the current ePrivacy Directive. It takes on board all definitions of privacy and data introduced under the GDPR and clarifies and enhances them. It’s particularly specific in areas of unsolicited marketing, cookies and confidentiality.
Marketers will clearly be affected by the ePrivacy regulations, but the strict privacy safeguards will also apply to telecoms companies, as well as digital services like Facebook, Skype and WhatsApp.
- Unsolicited marketing under ePrivacy: Marketers will no longer be able to send emails or texts without prior consent from each email or mobile account holder.
- Confidentiality under ePrivacy: This broadens the remit of the current directive to include online communications under the same framework as traditional telecommunications providers. Digital providers such as Gmail, Facebook, Skype, WhatsApp, Viber and so on, are now required to provide the same level of customer privacy as bricks and mortar businesses. This requires that they use the best available techniques and safety features on the market. Metadata should be treated exactly the same as the actual content of the communication and forbids unauthorised interception. You can find out more here.
But let’s not get ahead of ourselves. If you’re still in the throes of planning for the 25thMay GDPR deadline and need help with training, check out our online Me Learning courses. Click here for more information.