• MarTech Today
  • Sections
    • Advertising
    • Marketing
    • Content
    • Social
    • Commerce
    • Sales
    • Analytics
    • Management
    • All
    • Home
  • Follow Us
    • Follow
  • MarTech Today
  • Ads
  • Marketing
  • Content
  • Social
  • Sales
  • Analytics
  • Mgmt
  • More
  • Events
    • Follow
  • SUBSCRIBE

MarTech Today

MarTech Today
  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • All
  • Events
  • Newsletters
  • Home
Martech: Analytics & Data

Subscribe to MarTech Today to receive news and insights of where marketing, technology, and management converge.

Note: By submitting this form, you agree to Third Door Media's terms. We respect your privacy.


Right To Be Forgotten 2.0: Better Privacy Rules Or Operational Nightmare?

Europe is effectively becoming the internet’s privacy cop, with implications for any company doing business in Europe and many outside Europe. We’ve seen the beginnings of this in the attempted global enforcement of the Right to Be Forgotten (RTBF) through Google.com. Now RTBF is being subsumed under a more sweeping set of rules in the […]

Greg Sterling on October 9, 2015 at 8:42 pm
  • More
eu-stars-bricks-ss-1920

Europe is effectively becoming the internet’s privacy cop, with implications for any company doing business in Europe and many outside Europe. We’ve seen the beginnings of this in the attempted global enforcement of the Right to Be Forgotten (RTBF) through Google.com. Now RTBF is being subsumed under a more sweeping set of rules in the form of the General Data Protection Regulation (GDPR).

RTBF is not being replaced; it’s being strengthened. Call it RTBF 2.0.

Not yet implemented, the GDPR has been in development since 2012 but not received much attention in the US. The GDPR is well intentioned and seeks to provide a uniform and updated privacy framework for all of Europe. However in practice the new rules may prove problematic and highly challenging for US and other non-EU companies.

Depending on your view, this comprehensive overhaul of Europe’s “data protection” laws is either a welcome update or a bureaucratic and legal nightmare in the making. If you’re a privacy advocate you’ll probably cheer the new rules. If you’re a technology company, journalist or publisher, you may be less sanguine. (The recent and related invalidation of the Safe Harbor rules governing data transfer between countries has created tremendous uncertainty in its wake.)

The GDPR is expansive and complex and makes a number of changes to European Commission jurisdiction, company responsibilities, liability and penalties associated with privacy rights and violations in Europe. Some critics have also argued that the new GDPR is a basic threat to free speech because it doesn’t provide sufficient protection to expression in its many forms (and to archived content in particular).

Supporters of the GDPR would of course disagree with these critiques.

Attorney Daphne Keller has written an in-depth discussion of the new rules and what they mean. Many provisions of the GDPR are highly technical — the different obligations and liability for “Data Controllers” vs. “Data Processors” for example. Beyond this, many questions about the practical impact of the GDPR remain uncertain or unexplained at this point.

According to Keller’s blog post the GDPR will extend EU privacy jurisdiction over companies with any connection to Europe, however slight:

The GDPR asserts jurisdiction over entities that offer services to or “monitor” EU users.  “Monitoring” seems to be defined broadly enough to include fairly standard web and app customization features, so the law reaches many online companies outside of the EU.  In practice, regulators presumably will not prioritize or dedicate limited resources to policing small and distant companies.  But the GDPR will be an issue for companies with growing EU user bases and presence in Europe; and regulators can choose to enforce the law against many more entities around the world.

Since the internet is a global marketplace, this jurisdictional expansion gives the GDPR potential global reach and impact. This may mean that de facto Europe will determine data handling and privacy policies for other non-EU markets as a practical matter — in the same way that RTBF-mandated removals from Google.com would have an impact outside of Europe.

Keller illustrates this in her discussion of the tension between content removals and free speech under the new law and its potential impact on non-EU countries:

[P]rocedural details in the GDPR’s removal and review process tilt the playing field in favor of privacy rights, and make users’ free expression rights harder to vindicate.  A final problem is that different countries have very different laws balancing free expression against other rights, including privacy or data protection.  Content that self-evidently should be removed in Europe may be protected and lawful speech in the US and other countries.  Applying EU removal standards to content in those countries creates a free expression issue for Internet speakers and readers there.

On the other side, the European Commission cites numerous consumer benefits under the new rules:

  • A ‘right to be forgotten’ will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, the data will be deleted.
  • Whenever consent is required for data processing, it will have to be given explicitly, rather than be assumed.
  • Easier access to one’s own data and the right of data portability, i.e. easier transfer of personal data from one service provider to another.
  • Companies and organizations will have to notify serious data breaches without undue delay, where feasible within 24 hours.
  • A single set of rules on data protection, valid across the EU.
  • Companies will only have to deal with a single national data protection authority – in the EU country where they have their main establishment.
  • Individuals will have the right to refer all cases to their home national data protection authority, even when their personal data is processed outside their home country.
  • EU rules will apply to companies not established in the EU, if they offer goods or services in the EU or monitor the online behavior of citizens.
  • Increased responsibility and accountability for those processing personal data.
    Unnecessary administrative burdens such as notification requirements for companies processing personal data will be removed.
  • National data protection authorities will be strengthened so they can better enforce the EU rules at home.

There will probably be many more discussions of various aspects of the law. The GDPR represents a significant new regulatory framework (or expansion of the current one) that will affect US and non-EU tech companies in myriad ways.

It’s important for those doing business in or with Europe to be aware of the new law and its potential implications. However many of those aren’t entirely clear at this point.



About The Author

Greg Sterling
Greg Sterling is a Contributing Editor at Search Engine Land. He writes about the connections between digital and offline commerce. He previously held leadership roles at LSA, The Kelsey Group and TechTV. Follow him Twitter or find him on LinkedIn.

Related Topics

AnalyticsChannel: Martech: Analytics & DataGeneral Data Protection Regulation (GDPR)

Subscribe to MarTech Today to receive news and insights of where marketing, technology, and management converge.

Note: By submitting this form, you agree to Third Door Media's terms. We respect your privacy.


We're listening.

Have something to say about this article? Share it with us on Facebook and Twitter.

ATTEND OUR CONFERENCES

April 15-17, 2020: San Jose

October 6-8, 2020: Boston

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

White Papers

  • How Good Partnerships Should Reduce Your Workflow
  • Digital Insights 2019: How marketers confront the obstacles of digital customer engagement
  • 14 Industry Experts on the Future of Attribution
  • The Essential Guide to Protecting Your Ad Spend from Invalid Traffic
  • How to Turn Leads into Repeat Customers
See More Whitepapers

Webinars

  • The Fantastic 5: Emerging strategies to drive conversions & growth
  • CCPA Goes Live in Weeks: Is your marketing measurement ready?
  • 4 Ways to Get Started With Agile Marketing
See More Webinars

Research Reports

  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Enterprise SEO Platforms
  • Call Analytics Platforms
See More Research
Sidebar Inbox Deliverability 2019
Sign up for the NEW MarTech Today.
Martech Today
Download the Martech Today app on iTunes
Download the Martech Today App on Google Play

Channels

  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • Home

Our Events

  • MarTech West
  • MarTech East

Resources

  • White Papers
  • Research
  • Webinars
  • MarTech Conference

About

  • About Us
  • Contact
  • Privacy
  • Advertise
  • Marketing Services
  • Staff
  • Connect With Us

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • Instagram
  • RSS
  • iOS App
  • Google Play

© 2019 Third Door Media, Inc. All rights reserved.