This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2018/may/02/eu-tech-firms-privacy-emails-gdpr-data-protection-supervisor
The article has changed 6 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| EU: data-harvesting tech firms are 'sweatshops of connected world' | EU: data-harvesting tech firms are 'sweatshops of connected world' |
| (about 17 hours later) | |
| The European data protection supervisor has hit out at social media and tech firms over the recent constant stream of privacy policy emails in the run up to GDPR, calling them them the “sweatshops of the connected world”. | The European data protection supervisor has hit out at social media and tech firms over the recent constant stream of privacy policy emails in the run up to GDPR, calling them them the “sweatshops of the connected world”. |
| With the tough new General Data Protection Regulations coming into force on 25 May, companies around the world are being forced to notify their users to accept new privacy policies and data processing terms to continue to use the services. | With the tough new General Data Protection Regulations coming into force on 25 May, companies around the world are being forced to notify their users to accept new privacy policies and data processing terms to continue to use the services. |
| But Giovanni Buttarelli, the European data protection supervisor (EDPS), lambasted the often-hostile approach of the recent deluge of notifications. | But Giovanni Buttarelli, the European data protection supervisor (EDPS), lambasted the often-hostile approach of the recent deluge of notifications. |
| “If this encounter seems a take-it-or-leave it proposition – with perhaps a hint of menace – then it is a travesty of at least the spirit of the new regulation, which aims to restore a sense of trust and control over what happens to our online lives,” said Buttarelli. “Consent cannot be freely given if the provision of a service is made conditional on processing personal data not necessary for the performance of a contract.” | “If this encounter seems a take-it-or-leave it proposition – with perhaps a hint of menace – then it is a travesty of at least the spirit of the new regulation, which aims to restore a sense of trust and control over what happens to our online lives,” said Buttarelli. “Consent cannot be freely given if the provision of a service is made conditional on processing personal data not necessary for the performance of a contract.” |
| “The most recent [Facebook] scandal has served to expose a broken and unbalanced ecosystem reliant on unscrupulous personal data collection and micro-targeting for whatever purposes promise to generate clicks and revenues. | “The most recent [Facebook] scandal has served to expose a broken and unbalanced ecosystem reliant on unscrupulous personal data collection and micro-targeting for whatever purposes promise to generate clicks and revenues. |
| “The digital information ecosystem farms people for their attention, ideas and data in exchange for so called ‘free’ services. Unlike their analogue equivalents, these sweatshops of the connected world extract more than one’s labour, and while clocking into the online factory is effortless it is often impossible to clock off.” | “The digital information ecosystem farms people for their attention, ideas and data in exchange for so called ‘free’ services. Unlike their analogue equivalents, these sweatshops of the connected world extract more than one’s labour, and while clocking into the online factory is effortless it is often impossible to clock off.” |
| The European Union's new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making. | The European Union's new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making. |
| GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a "one-stop-shop" for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board. | GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a "one-stop-shop" for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board. |
| The new laws govern the processing and storage of EU citizens' data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation. | The new laws govern the processing and storage of EU citizens' data, both that given to and observed by companies about people, whether or not the company has operations in the EU. They state that data protection should be both by design and default in any operation. |
| GDPR will refine and enshrine the "right to be forgotten" laws as the "right to erasure", and give EU citizens the right to data portability, meaning they can take data from one organisation and give it to another. It will also bolster the requirement for explicit and informed consent before data is processed, and ensure that it can be withdrawn at any time. | GDPR will refine and enshrine the "right to be forgotten" laws as the "right to erasure", and give EU citizens the right to data portability, meaning they can take data from one organisation and give it to another. It will also bolster the requirement for explicit and informed consent before data is processed, and ensure that it can be withdrawn at any time. |
| To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted. | To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted. |
| While data protection and privacy has become a hot-button issue in part thanks to the Cambridge Analytica files, Buttarelli is concerned that it is simply being used as part of the “PR toolkit” of firms. He said that there is “a growing gulf between hyperbole and reality, where controllers learn to talk a good game while continuing with the same old harmful habits”. | While data protection and privacy has become a hot-button issue in part thanks to the Cambridge Analytica files, Buttarelli is concerned that it is simply being used as part of the “PR toolkit” of firms. He said that there is “a growing gulf between hyperbole and reality, where controllers learn to talk a good game while continuing with the same old harmful habits”. |
| A new social media subgroup of data protection regulators will be convened in mid-May to tackle what Buttarelli called the “manipulative approaches” that must change with GDPR. | A new social media subgroup of data protection regulators will be convened in mid-May to tackle what Buttarelli called the “manipulative approaches” that must change with GDPR. |
| “Brilliant lawyers will always be able to fashion ingenious arguments to justify almost any practice. But with personal data processing we need to move to a different model,” said Buttarelli. “The old approach is broken and unsustainable – that will be, in my view, the abiding lesson of the Facebook/ Cambridge Analytica case.” | “Brilliant lawyers will always be able to fashion ingenious arguments to justify almost any practice. But with personal data processing we need to move to a different model,” said Buttarelli. “The old approach is broken and unsustainable – that will be, in my view, the abiding lesson of the Facebook/ Cambridge Analytica case.” |
| MPs threaten Mark Zuckerberg with summons over Facebook data | MPs threaten Mark Zuckerberg with summons over Facebook data |
| GDPR | GDPR |
| Data protection | Data protection |
| Privacy | Privacy |
| Europe | Europe |
| European Union | European Union |
| Share on Facebook | Share on Facebook |
| Share on Twitter | Share on Twitter |
| Share via Email | Share via Email |
| Share on LinkedIn | Share on LinkedIn |
| Share on Pinterest | Share on Pinterest |
| Share on Google+ | Share on Google+ |
| Share on WhatsApp | Share on WhatsApp |
| Share on Messenger | Share on Messenger |
| Reuse this content | Reuse this content |