> What Shoshana Zuboff calls “surveillance capitalism” is going to be illegal a year from now in the EU anyway, thanks to the General Data Protection Regulation, aka GDPR. Mark your calendars: on 25 May 2018 will come an extinction event for adtech, because here are the fines the GDPR will impose for unpermitted harvesting of personal data: 1) “a fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 4)”‘; and 2) “a fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 5 & 6).”
GDPR will be "great stuff" because it imposes user protection and grants basic rights.
- individual mandatory notification for possible adverse impact of data breaches
- right to be forgotten -> right to erasure
- data portability (hello ... Apple Health, Google Fit, Microsoft Office extended/unportable format, whatsoever)
- verifiable explicit consent for data collection (purpose included)
These are the things that makes me proud of the EU, and I just wish that GDPR were made more visible to the general public.
The last time one of these "ordering services" [https://www.justeat.it] targeted me with ads (via sms), I tracked back the data, crawled the web for their mails, sent them a good list of laws, so they have been forced to reply and delete all my personal data in a timely manner.
Never seen a single ad again, I am unsure this would have worked in the US.
Please remember that the laws are only modeled on the EU directives, one have to expect a substantial compatibility, but the specific terms may change on a country basis.
One of the aims of the GDPR has been to standardize the protection, zeroing the differences.
Specifically ask the removal of any information that may lead to any form of authentication (prior or post any processing, the deanonymisation trick is not allowed).
You just need to prove they have obtained your data in violation of anyone of the provisions.
In my case "they incorporated a company, embedding the data in the datastore in such a way that they violated the term of service of the previous company, their own tos (I never subscribed to their website yet they insistently phoned and texted me) and the actual privacy law, adding to this the delete form was unmaintained and didn't work, which is another violation".
Edit: sorry for the multiple updates, I am typing from my iPhone.
GDPR will be "great stuff" because it imposes user protection and grants basic rights.
- individual mandatory notification for possible adverse impact of data breaches
- right to be forgotten -> right to erasure
- data portability (hello ... Apple Health, Google Fit, Microsoft Office extended/unportable format, whatsoever)
- verifiable explicit consent for data collection (purpose included)
These are the things that makes me proud of the EU, and I just wish that GDPR were made more visible to the general public.