GDPR and privacy: IS IT STILL PRIVACY?
The new GDPR text regulates the protection of individuals with regard to the processing of personal data and the free movement of such data. It is not just a question of privacy but, more generally, of protecting the entire data ecosystem, opening a genuinely unprecedented phase in the field of personal data protection.
Understanding the differences between GDPR and the European privacy regulation currently in force (the "ePrivacy Regulation") is important for both companies and consumers. The ePrivacy Regulation was issued to extend the scope of the current directive on the processing of personal data and to align the multiple online privacy rules existing in the EU Member States. It takes into consideration all the definitions of privacy and data that were introduced with the GDPR in order to define and improve it. In particular, it focuses on three concepts: 1) Unsolicited Marketing; 2) Cookies; 3) Privacy.
Let us look at them in detail.
- Unsolicited Marketing: the rules now require any form of communication, including email and text messages, to be explicitly authorized before being used. Marketing operators cannot send emails or texts without prior authorization from the account holder.
- Privacy: since the ePrivacy Regulation supplements the existing Privacy directive, one of its stated objectives is to extend the scope to online communications providers by subjecting them to the same requirements as traditional telecommunications providers. In this regard, companies that include Gmail, Skype, Facebook Messenger and WhatsApp are now required to provide the same level of data security as an oil supplier, for example. The suppliers of any electronic communication service are therefore required to protect all communications using the best available techniques. This implies the need for websites to remain technologically in sync with the best security systems available on the market. The new rules fuel the need to treat metadata in the same way as the actual content of a communication. The interception of any message is also prohibited, except where authorized by an EU member state, according to the law (a procedure similar to that used for a criminal investigation).
The GDPR was created to align data privacy laws across all EU countries. An important update introduced by the GDPR is that the processing of any information concerning EU citizens is now protected, regardless of whether it takes place within the EU and regardless of the origin of the retailer. Any retailer worldwide who sells something to an EU citizen is required by law to guarantee that citizen's privacy. The idea of traffic data has been revised and expanded in the GDPR, and now includes all the metadata generated as a result of communications.
The GDPR also reinforces the idea of consent, that is, of the way in which a user's personal information can be used or shared. Furthermore, it ensures that users have easy access to their personal data, and this is a fundamental requirement: all companies and websites that collect information from any user must "keep it" and make it available if requested.