The General Data Protection Regulation (GDPR) is a directive from the European Union that aims to “protect all EU citizens from privacy and data breaches in an increasingly data-driven world.” By updating regulations that are old enough to drink, the EU has set the stage for lawmakers to appropriately and effectively deal with the privacy crisis affecting so many people today.
And one week in, the tech community is already feeling the effects.
With a strict start date of May 25th, the GDPR has been instituted swiftly. A number of tech companies have taken hits in the form of gigantic lawsuits, inboxes around the world have been inundated with privacy policy updates, and a disturbing trend has emerged in regards to the financial future of your data.
On the Chopping Block
In the many months leading up to the installation of the GDPR, big tech companies knew that something was coming their way. After congressional hearings on the questionable use of data touched every newsfeed in the world, companies like Facebook and Google had to assume that the new regulations would be aimed at them. And, thanks to one privacy activist, their assumptions were immediately justified.
Read More: Tech Companies Access Data. But What About Your Boss?
On the first day of the EU’s enforcement of the GDPR, Austrian lawyer Max Schrems filed $8.8 billion worth of lawsuits against Facebook, Google, Instagram, and WhatsApp. The lawsuits allege that these two companies (Instagram and WhatsApp are owned by Facebook) are “forcing consent” on their users by providing no other options when it comes to data sharing.
“They totally know that it’s going to be a violation,” said Schrems to the Financial Times. “They don’t even try to hide it.”
The GDPR does specifically require that apps like Facebook and Instagram provide particularized data sharing options for users that only want to provide some of their data. However, despite the lawsuits, both companies released statements insisting that they are respectively “committed” and “prepared” to complying with the GDPR.
Although, it would appear at least Facebook is using some pretty sketchy tactics to get people to sign off on their new privacy policy.
The Great Privacy Policy Update
If you’ve used the internet for anything in the last week, you’ve likely seen no less than one hundred privacy policy updates come across your screen. They may have been hideous banners at the bottom of the screen or pop-up messages that require your consent. More likely, however, they came as a tidal wave of emails begging you to see “what’s new with our privacy policy.” Fortunately, there’s a good reason why.
The GDPR demands that any company using their users’ data must get consent and inform said users of how they’re using it. Unfortunately, tech companies are a lot like middle school students: if you give them two years to complete an assignment, they’ll probably still wait until the last week to pull it off, which is why all of these privacy policy updates are coming in at the same time.
Despite this effort to inform users of how their data is being used, the reality is that privacy policies are effectively unreadable. Polls (and common sense) show that almost no one will read the new guidelines because the complicated nature and lack of interest prove that when it comes to an individual’s data, this is a fight between tech and government.
Did you read any of the privacy notices you got via email?
— Entrepreneur (@Entrepreneur) May 29, 2018
Pay for Privacy
Complying with the GDPR is hard, but that’s the point. Laws have been playing catch-up to the advancement of technology for a while, and these regulations out of the EU are the first step in making sure privacy doesn’t go the way of the pager and disappear. However, as it is an EU regulation, US companies have the option to simply cut off all ties to European data rather than comply. And that’s exactly what one publication has done. Kind of.
Instead of outright banning EU readers from their site, the Washington Post decided that the GDPR might actually provide an opportunity to make a little money. By allowing readers to purchase an “EU Premium Subscription,” users will have access to a completely ad-free experience in which the Washington Post won’t monitor your data at all. For only $90 a year ($30 more than the basic subscription), you’ll have your privacy back. How nice!
“This is something we’ve been working on for a long time to create transparency, minimize friction for our readers and ensure compliance,” said Miki King, Vice President of Marketing at the Washington Post to Digiday. “Our approach was to give readers an additional option beyond our consent-based offerings of free limited access or a subscription. We’ve now added a third option that offers no third-party tracking or advertising at a premium.”
Unfortunately, the precedent this sets is a dangerous one. In addition to the Washington Post simply side-stepping regulations designed to make the data-drive world of today a little bit safer, they’ve also made online privacy a quantifiable commodity that can be bought.
Data and ad revenue are becoming more regulated every day, cutting into the means by which tech companies make money. Setting a precedent that allows companies to charge for increased privacy could be a slippery slope to a future in which the data gap follows the same guidelines as wealth inequality.
Read more about online security on TechCo
