GOLDEN VALLEY, Minn. -- You may have noticed a barrage of emails and alerts from companies in your inbox, updating you on changes to their privacy policies, but don’t ignore the legalese.
All those privacy messages are appearing now because a law called the General Data Protection Regulation (GDPR), passed in the European Union last week, and they contain information important to digital privacy rights in an era where online information is at risk.
“Most people their natural reaction is ‘delete’, and not to read those,” said Adam Stone, Chief Privacy Officer at Secure Digital Solutions in St. Louis Park, a company specializing in information security.
Stone advises otherwise as a consultant who often writes those privacy policies for companies.
“There is a lot of interesting stuff in those policies, stuff people should know, because it outlines the way companies, use, store, share and safeguard the data they've got about,” said Stone.
The GDPR law is considered the world's strongest protector of digital privacy. It applies to United States companies with business overseas, but has broader impact, leaving any US business with a web presence with homework to do.
Under GDPR, companies are required to ask to collect your data, to ask for consent to communicate with customers. It gives consumers more control to update, change, or correct data, and the right to figure out who is processing their data, potentially even a third party that might receive information.
The law says customers have the right to share only data that is necessary, ask a company to erase or pull data and take it to a new service.
With more notice and disclosure, GDPR requires companies to tell users about data breaches that could affect them, and requires terms of service agreements to be more understandable, and consumer friendly.
To Stone, consumers should be encouraged the shift in the EU could signal a new norm here in the United States.
“As a consumer, it gives me a sense of trust in the companies I choose to do business with and frankly in the internet age, trust is a key currency.”
Facebook CEO Mark Zuckerberg said during his congressional testimony that his company would apply the G.D.P.R. standards its business across the world.
In the wake of GDPR, Twitter and Facebook recently introduced new privacy controls, so customers can poke around privacy settings and see if there are any new restrictions they can put on their data.