Internet privacy rules are being transformed. And although the impulse comes from Europe, according to experts, the protection of the new General Data Protection Regulation (GDPR) will cross its borders.
During June, the first month in which the GDPR is in effect, thousands of companies must focus on the user and on the data they obtain and associate with that user. That is why your email account, your transport application, the site where you watch series on the Internet and the vast majority of the digital services you use are asking you to renew your ‘vows’ and accept the new conditions.
1. What is it about?
The GDPR is a new privacy regulation of the European jurisdiction. Although it was accepted on May 25, 2016, it entered into force two years later. Until then, the countries of the European Union were governed by Directive 95/46 and the corresponding national standards. After May 25, organizations that collect, manage and use personal data must be governed by the new rules, which are stricter.
2. Why is it important?
According to Robin Wilton, director of the technical extension of Identity and Privacy of the non-profit organization Internet Society, “For the first time a law tries to reach beyond the European Union.” The rules will apply not only to EU organizations, but also to foreign organizations that process data in Europe or collect data from European citizens. Therefore, companies such as Facebook and Google, among many others, will have to be governed by that legislation. “This is an excellent effort to extend the personal protection of users and a great start,” Wilton explained.
It is also important because of the context in which the legislation arises: a time of concern about the protection of user information, in cases such as the iconic Facebook-Cambridge Analytica scandal, and of growing scrutiny of the role of internet giants in phenomena such as hate speech and fake news. Authorities in countries ranging from the United States and the members of the European Union to India and Kenya have demanded more clarity on the handling of information.
3. What does the GDPR do?
There are new requirements regarding consent, transparency and responsibility.
Organizations that collect and process the data must be able to show “unequivocally” that the user concerned has consented to the form and purpose for which their information will be used. They must request consent again if the information collected is to be used for a purpose other than the one originally authorized, and the law is clear that “silence, previously marked boxes or inactivity do not constitute consent”.
With the GDPR, organizations will have to be clearer about what type of data they are collecting and what they will be used for. The intention is to provide the user with an understanding of what is happening with their information, but also to facilitate access to controls and options to deny their consent if they wish. It also sets priorities for the protection of the data of minors.
4. How would you achieve compliance?
The GDPR brings a new mechanism of penalties that can run into the millions in the case of companies. In terms of fines, there are two levels of maximum penalty. For one set of rules, where violations are not considered serious, the maximum could be 10 million euros or 2 percent of annual earnings, whichever is higher. But if the most serious rules are violated, the maximum would be double, that is, 20 million euros or 4 percent of annual earnings.
5. How does it impact Colombia?
Experts in the field agree that the new rules will be an important legislative reference for Colombia and the Latin American region.
According to Mauricio Jaramillo, director of ImpactoTic.co, the new regulation focuses on the privacy of European citizens, so Colombian and Latin American companies that have businesses in the European Union, or whose web traffic passes through it, should consider implementing the GDPR. For example, an e-commerce site that has visitors from Spain should treat the information of those users according to the GDPR.
“Although the requirements are more demanding, and they will also be for European and US companies, in regulation Colombia is ahead of countries like Chile and Mexico, and would be closer to being able to meet the requirements,” he explained.
On the other hand, María Claudia Caviedes, delegated superintendent for the Protection of Personal Data of the Superintendence of Industry and Commerce, said that the GDPR has generated more conversation on the subject in different discussion scenarios. “The interest that has been aroused in the country is important, as is the possibility that different actors and stakeholders begin to discuss where we should focus the Colombian regulation.” According to Caviedes, Colombia has a good personal data protection standard that local companies are still assimilating and implementing. Therefore, the superintendent believes that the priority will not be to make changes to current Colombian law.