MarTech Today

Martech: Analytics & Data

Right To Be Forgotten 2.0: Better Privacy Rules Or Operational Nightmare?

Greg Sterling on October 9, 2015 at 8:42 pm

Europe is effectively becoming the internet’s privacy cop, with implications for any company doing business in Europe and many outside Europe. We’ve seen the beginnings of this in the attempted global enforcement of the Right to Be Forgotten (RTBF) through Google.com. Now RTBF is being subsumed under a more sweeping set of rules in the form of the General Data Protection Regulation (GDPR).

RTBF is not being replaced; it’s being strengthened. Call it RTBF 2.0.

Not yet implemented, the GDPR has been in development since 2012 but has not received much attention in the US. The GDPR is well intentioned and seeks to provide a uniform and updated privacy framework for all of Europe. However, in practice the new rules may prove problematic and highly challenging for US and other non-EU companies.

Depending on your view, this comprehensive overhaul of Europe’s “data protection” laws is either a welcome update or a bureaucratic and legal nightmare in the making. If you’re a privacy advocate you’ll probably cheer the new rules. If you’re a technology company, journalist or publisher, you may be less sanguine. (The recent and related invalidation of the Safe Harbor rules governing data transfer between countries has created tremendous uncertainty in its wake.)

The GDPR is expansive and complex and makes a number of changes to European Commission jurisdiction, company responsibilities, liability and penalties associated with privacy rights and violations in Europe. Some critics have also argued that the new GDPR is a basic threat to free speech because it doesn’t provide sufficient protection to expression in its many forms (and to archived content in particular).

Supporters of the GDPR would of course disagree with these critiques.

Attorney Daphne Keller has written an in-depth discussion of the new rules and what they mean. Many provisions of the GDPR are highly technical — the different obligations and liability for “Data Controllers” vs. “Data Processors” for example. Beyond this, many questions about the practical impact of the GDPR remain uncertain or unexplained at this point.

According to Keller’s blog post, the GDPR will extend EU privacy jurisdiction over companies with any connection to Europe, however slight:

The GDPR asserts jurisdiction over entities that offer services to or “monitor” EU users.  “Monitoring” seems to be defined broadly enough to include fairly standard web and app customization features, so the law reaches many online companies outside of the EU.  In practice, regulators presumably will not prioritize or dedicate limited resources to policing small and distant companies.  But the GDPR will be an issue for companies with growing EU user bases and presence in Europe; and regulators can choose to enforce the law against many more entities around the world.

Since the internet is a global marketplace, this jurisdictional expansion gives the GDPR potential global reach and impact. This may mean that de facto Europe will determine data handling and privacy policies for other non-EU markets as a practical matter — in the same way that RTBF-mandated removals from Google.com would have an impact outside of Europe.

Keller illustrates this in her discussion of the tension between content removals and free speech under the new law and its potential impact on non-EU countries:

[P]rocedural details in the GDPR’s removal and review process tilt the playing field in favor of privacy rights, and make users’ free expression rights harder to vindicate.  A final problem is that different countries have very different laws balancing free expression against other rights, including privacy or data protection.  Content that self-evidently should be removed in Europe may be protected and lawful speech in the US and other countries.  Applying EU removal standards to content in those countries creates a free expression issue for Internet speakers and readers there.

On the other side, the European Commission cites numerous consumer benefits under the new rules:

  • A ‘right to be forgotten’ will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, the data will be deleted.
  • Whenever consent is required for data processing, it will have to be given explicitly, rather than be assumed.
  • Easier access to one’s own data and the right of data portability, i.e. easier transfer of personal data from one service provider to another.
  • Companies and organizations will have to notify serious data breaches without undue delay, where feasible within 24 hours.
  • A single set of rules on data protection, valid across the EU.
  • Companies will only have to deal with a single national data protection authority – in the EU country where they have their main establishment.
  • Individuals will have the right to refer all cases to their home national data protection authority, even when their personal data is processed outside their home country.
  • EU rules will apply to companies not established in the EU, if they offer goods or services in the EU or monitor the online behavior of citizens.
  • Increased responsibility and accountability for those processing personal data.
    Unnecessary administrative burdens such as notification requirements for companies processing personal data will be removed.
  • National data protection authorities will be strengthened so they can better enforce the EU rules at home.

There will probably be many more discussions of various aspects of the law. The GDPR represents a significant new regulatory framework (or expansion of the current one) that will affect US and non-EU tech companies in myriad ways.

It’s important for those doing business in or with Europe to be aware of the new law and its potential implications. However, many of those aren’t entirely clear at this point.





About The Author

Greg Sterling
Greg Sterling is a Contributing Editor to Search Engine Land, a member of the programming team for SMX events and the VP, Market Insights at Uberall.
