Help us report on whether Europe’s impending new law – the General Data Protection Regulation (GDPR) – is a progressive step towards protecting privacy on the internet. The GDPR comes into effect on May 25 with the intention of giving EU citizens more control of their information, making it the biggest shake-up in privacy rules since the birth of the internet. Businesses that deal with personal data will eventually have to overhaul the way they operate. We want to explore what this means for data privacy: will it help or hurt citizens?
Questions we’d like to explore:
- What does the GDPR mean for users?
- How does it affect businesses?
- US companies must also consider the requirements of the EU-U.S. Privacy Shield Framework, see this factsheet.
- How are businesses preparing for its implementation?
- What does privacy mean to you? Especially online?
- What is considered to be “personal data”?
- Do you believe GDPR will really benefit citizens? Basically, will it work?
- Data Protection Officers are increasing in number – what do their roles entail?
- What upsides for society will the EU walk away from due to GDPR? For example, Facebook’s AI for suicide prevention will be deployed globally except EU. Another example is Article 29 on automatic decision-making, where potential benefits of non-biased automatic systems for credit-scoring, talent screening, etc., might not be deployable in the EU.
Key facts we think are central to this story:
- The regulation will affect organizations outside the EU, as it extends to any that process EU citizens’ data.
- The EU doesn’t give specific guidelines on how to implement GDPR. Companies have to interpret the regulation to their respective contexts.
- Under GDPR, individuals will have more rights, including the right to be informed, to be “forgotten” and to object.
- Brexit won’t affect it – meaning the UK has to conform.
- Accountability is at the heart of the regulation.
Interviews so far, or sought, include:
- Max Schrems, lawyer and privacy expert, known for campaigning against Facebook for privacy violation.
- Albert Gidari, director of privacy at the Stanford Center for Internet and Society.
- Elizabeth Denham, information commissioner at the Information Commissioner’s Office (ICO).
- Cindy Cohn, executive director at the Electronic Frontier Foundation.
- Jon Baines, a Data Protection Officer.
- Giovanni Buttarelli, the European Data Protection Supervisor (EDPS).
Who or what would you add to this story? Use EDIT to add to directly or tell us in TALK