Modern field guide to security and privacy

How Europe's new privacy rules affect entire digital economy

The European Parliament on Thursday adopted a single set of rules on Internet privacy safeguards, giving individuals much more control over how their information is handled by both European and American tech companies. 

Vincent Kessler/Reuters
Members of the European Parliament take part in a voting session in Strasbourg, France, on April 12.

After four years of negotiations, the European Parliament on Thursday adopted sweeping privacy reforms that will not only change how the European Union handles personal data but will have ripple effects across the entire global digital economy.

The General Data Protection Regulation (GDPR) provides a single set of rules on Internet privacy safeguards, giving individuals vastly greater control over how their information is handled by both European and American tech companies. 

In fact, the data regulations, which take effect in 2018, extend Europeans' so called "right to be forgotten" – a two-year-old policy that gives Europeans the chance to erase their checkered past or erroneous posts from Google's search results – to any type of international company such as data brokers or retailers that collects digital repositories of Europeans' personal data.

And companies that don't comply with the rules will face fines of up to 4 percent of their worldwide annual revenue or 20 million euros, whichever is greater.

"This is the biggest legislative development in data protection law worldwide for the last 20 years," says Christopher Kuner, codirector of the Brussels Privacy Hub, a privacy research center.

"Companies will have to get their house in order," he says. "They’ll be dealing with a much more complicated and strict set of requirements and even though there is a period of two years before it comes into force, it really raises the stakes for companies."

The new data protection law will replace a previous rulebook that dates back to 1995, before widespread Internet usage.

Within the next two years, businesses must be prepared not only to comply with the new rules but to develop new mechanisms such as transparency reports to show regulators they are abiding by the privacy regime.

Additionally, the regulations require companies to report data breaches within 72 hours and larger companies will have to employ data protection officers.

The data protection rules also come as Europe is working to bolster data and information sharing in the wake of increasing migration to the continent and recent terrorist attacks in Paris and Brussels.

Also this week, the European Parliament passed a law to allow airlines to share passenger information with EU members. After resolving privacy restrictions that date back to 2011, the Passenger Name Record system will require airlines to share passenger information such as itineraries, means of payment, and baggage information with authorities in EU destination countries.

Even though Europe is changing laws that had previously blocked some government surveillance efforts, Europe is still resistant to sharing information with US spy agencies. Earlier this week, data protection watchdogs in Europe sharply criticized a proposed data sharing plan known as Privacy Shield between the US and EU over surveillance concerns.

Indeed, the debate over increased data privacy versus national security is very much alive in Europe. 

"The EU has to take a firmer stand on data protections," says Thomas Lanson, a researcher at the Paris-based French Institute for International and Strategic Affairs. "But it also has to find a way to combine security measures and privacy protections."


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to