The GDPR is finally here (hooray!). The new data privacy regulation that covers EU citizens (and, yes, those in the UK even after it leaves), is now in force across Europe. Designed to give more control to individuals over how their data is collected and processed, the GDPR has been a hot topic for months in the UK, but seems to have caught some in the US by surprise.
Here at Vuelio, we’ve embraced the General Data Protection Regulation and have done everything we can to prepare our users and the communications industry for the biggest data protection upheaval in 20 years. Not only did we publish white papers, guides and Q&As, spoke at events and hosted a webinar, we also upgraded our software to cater to the industry’s needs.
Unfortunately, it seems not everyone was so prepared. Even though the GDPR has been on the horizon for years, many businesses have clearly been caught without a plan, including large corporations on the other side of the pond.
Publisher Tronc’s papers, including the LA Times and Chicago Tribune, now all carry the same message on their websites to European visitors, denying access. This appears to have irritated Andrea Jelinek, head of the EU’s Data Protection Board, who said in an email to Bloomberg: ‘GDPR didn’t just fall from heaven. Everyone had plenty of time to prepare.’
As reported by the Columbia Journalism Review (CJR), other US news sites have approached the GDPR issue in a different way. USA Today, for example, has stripped away most of its ad-related software; while the US version is over 5MB and has over 800 ad-related requests in the website’s code, the EU version is less than half a megabyte and contains no third-party content at all. CJR believes this will impact publishers who are already struggling with digital revenues, which rely on ad tracking software.
It’s not just publishers. Wilbur Ross, US Commerce Secretary, has spoken out against the GDPR, suggesting it would make EU trade with any other nation much harder. Writing in the Financial Times, Ross said: ‘As currently envisioned, GDPR’s implementation could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US, but for everyone outside the EU.’
Ross also expresses concern about governmental cooperation, claiming the GDPR has created ‘unclear legal obligations’ and that the US Government does not have ‘a clear understanding of what is required to comply’. He obviously hasn’t read our white paper, The GDPR Made Simple.
Silicon Valley, responsible for a large slice of Europe’s digital services, is no doubt lobbying the US Government to do what it can to relax laws, but it’s hard to see what ground can be made (especially as the EU has been preparing for the regulation since 2016).
That Google and Facebook were both reported for breaching the GDPR on 25 May was inevitable, but it’s made the US situation much more desperate. Both companies claim they have spent months preparing and believe they are compliant (Mark Zuckerberg also recently said the company believes in the rules and are rolling them out globally), but with potential fines reaching up to 4% of turnover, which in Google’s case would equate to nearly $4.5bn, if they’re wrong then the consequences will be devastating (for Google).
The GDPR is here to stay, and for those that have prepared, it’s a manageable addition to data privacy laws. But for whole nations, including the US, it’s now become a blockage that has the potential to change the face of global digital services forever.
Need help with GDPR compliance? Vuelio is here to help – find out more.