Why is Everyone Updating Their Terms of Use and Privacy Policies?

Finger pushing smart phone with EU flag that has a lock in the middle

Over the last few months my inbox has seen a noticeable increase of emails with titles like, “Important updates to our Terms of Use and Privacy Policy” or “Improvements to our Privacy Policy and Privacy Controls.” You may also have noticed a sudden flood of emails with similar subject lines and wondered why. While we have heard a lot more about privacy concerns in the news lately, these updates are being driven by one thing in particular, GDPR or the General Data Protection Regulation.

What is GDPR?

In 2016, the European Parliament passed sweeping legislation to provide citizens with a greater level of control over their personal data and require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Companies and organizations were given two-years to get in compliance with the new regulations or face heavy fines. May 25, 2018 is the date that GDPR goes into effect.

What are the new regulations?

There are several main changes that companies must now follow. If they are not in compliance they will be fined 4% of annual global turnover or €20 Million (whichever is greater).

  • Breach Notification: Companies must notify users within 72 hours of a data breach.
  • Right to Access: Everyone has a right to their own information. If requested, personal data must be turned over, free of charge, in an electronic format.
  • Right to be Forgotten: If there is information about you online that is harming you then you can request to have it removed. Companies will have to take into account the public interest in the information.
  • Data Portability: Companies need to provide your personal information to you in a commonly used and machine readable format that can be transferred to another service.
  • Privacy by Design: When designing services (e.g., websites, apps), businesses must consider how to keep user information protected. It should be built into the design, not an afterthought.

Who does this effect?

You may be asking yourself, “What in the world does this have to do with me, isn’t this just a EU regulation?” Well, yes and no. GDPR effects any business that handles the personal data of someone living in the EU. As we all know, the internet is worldwide. Many businesses have customers living not only in Europe, but the United States, Australia, Brazil, etc. GDPR requires companies to change how they collect, store, and share customers’ information. Instead of restricting that to just those living in Europe, many are choosing to bring the new requirements to all their customers. This is why all of us in the United States are seeing the updates to Terms of Use and Privacy Policies.

Due to the Right to Access provision in GDPR you can now request a copy of all the data a company has collected about you. Sometimes this has to be done in writing, while others are starting to roll out instant downloads.

What privacy regulations do we have here?

The United States has yet to adopt any broad privacy regulations like GDPR. However, California implemented their own Online Privacy Protection Act (CalOPPA) in 2014. This law that requires commercial websites and online services to post a privacy policy. CalOPPA applies to any person or company in the United States (and conceivably the world) whose website collects personally identifiable information from California consumers.

Read our Privacy Policy to learn what steps we take to ensure your privacy at the library. You can also earn more about how to protect your privacy by using our Virtual Privacy Lab to create personalized toolkits filled with links, tips, and resources to help you live a safe and confident online life.

Comments

Should be "Whom does this affect?"

Now this explains why there is a huge list of this kind of emails. Keep up the good work.

Add new comment

Comments are expected to follow the basic rules of civility and be relevant to the topic being commented upon. Comments will be reviewed prior to posting. Blog comments represent the views of the person commenting, not necessarily those of San José Public Library. For more information see SJPL's Comment Guidelines.