The looming deadline for the EU General Data Protection Plan means that companies have a duty to be extremely clear about what data they're collecting on you and what they're doing with it, and give you a chance to refuse — they've already had a duty to do this for a very long time under both EU law and California law, but the difference this time around is that the GDPR has large, terrifying teeth: companies that fail to comply can be fined 4% of their annual global turnover.
The Electronic Frontier Foundation's Danny O'Brien has written a useful, sprightly guide to how this all works, what to look for in the emails you get, and what new rights the GDPR may or may not afford you. One tidbit I was amused by is that Facebook does indeed have a legal theoryexplaining how it plans to continue to spy on Americans but only Europeans can see it.
When it comes to changes in these terms, most of the work will be spelling out those "specified purposes" in more detail, as well as explaining why the company thinks they can legitimately process it under the GDPR.But there may also be changes in your ability to look at the data itself, and change it. For instance, Twitter users can now peer at the full pile of data that that company has picked up on them from their tweets and cross-referenced advertisers databases. You can also delete data that you don't want Twitter to keep using.
That right of access also means that you can take your information with you. Under the GDPR, companies have to provide "data portability" — which means that they should provide you with your data in a way that lets you easily move it to a competing service – at least if you are in Europe.
Again, some companies have already offered this ability. Google has offered "Google Takeout", Facebook its archive download feature, and Twitter its tweet archive. But their implementations have often been patchy and incomplete.
Now more companies will provide these data dumps. The pre-existing services have already markedly improved. For users in the EU, they should also offer a way to truly and permanently delete your account and all its data.
Why Am I Getting All These Terms of Service Update Emails?
[Danny O'Brien/EFF]
