- New EU regulation on data protection will come into force as early as May 2018
- Data collectors and traders facing difficult times
- Why the eBlocker remains indispensable
Annoying and dangerous: as soon as you look at flights on the Internet, other sites are teeming with travel offers minutes later. And it is not unusual for advertising banners to show attractive people, allegedly living right in the neighborhood, vying for a date. Coincidence? No! Almost all websites spy on visitors and create detailed personality profiles. The European Union (EU), at least, plans to put an end to this soon and wants to improve data protection on the web significantly. Two new laws are to come into force in the course of the year: the EU General Data Protection Regulation and the ePrivacy Regulation. And they pack a punch: a lot will change for web browsing, as eBlocker founder Christian Bennefeld explains below.
EU Data Protection Regulation replaces Federal Data Protection Act
The EU General Data Protection Regulation (GDPR, abbreviated DSGVO in German), which contains general rules for the protection of personal data, was adopted as early as 2016. From May 2018, it replaces the current Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The newly created European data protection law does not change everything, but it changes a lot. It strengthens the rights of consumers in many respects and, beyond that, is no longer a toothless tiger. Instead of a maximum fine of 300,000 euros as in the BDSG, violations of the DSGVO are threatened with fines of an entirely different order of magnitude. Penalties of up to 20 million euros or up to 4 percent of a company’s total worldwide annual sales are now possible.
The most important points:
Reservation of consent:
Tacit consent to the collection of data is no longer sufficient; from May, consent is subject to strict guidelines. Surfers must explicitly give their consent to the processing of personal data concerning them for one or more specific purposes.
Companies must inform their customers of the legal basis for processing the data, the purpose, the duration of storage, the criteria for the duration of storage, and any passing on of data to contract data processors. Information on the rights to access, revocation and deletion of personal data is obligatory.
Last but not least, the operator must be able to prove at any time that the user has given his consent to the processing of personal data.
However, it is still unclear what the consent requirement will look like in practice. One thing is clear: web surfers must either allow or forbid each site operator to process personal data. Without a decision to that effect, nothing will proceed. It is unlikely that the new regulation will lead to pages of instructions on every website, which hardly any user reads and most simply skip. After all, the legislator demands “informed consent” that everyone can understand without lengthy reading. Checkboxes, one-click selection settings or similar mechanisms are therefore more realistic.
No Pairing:
A contract may no longer be made dependent on the data subject giving consent to data processing. One example is the notorious “sweepstake links”, in which people are only allowed to take part in a lottery if they agree to the use of personal data for marketing purposes. Another example is ad-blockers. The common practice of websites denying users of ad-blockers access to content could also be banned.
Transparency Requirement and Earmarking:
Providers must disclose all data collected in a completely transparent manner and name any service providers entrusted with the processing. In addition, data may only be processed for the stated purpose. Example: if a customer provides personal data such as an address when making a purchase in an online shop, this data must not fall into the hands of an address dealer.
Duty to Delete and “Right to be Forgotten”:
Under the new legislation, users may request the deletion of all their personal data. If companies pass on data about a person, they are also obliged to inform other bodies that process this data about the data subject’s claim for deletion. In addition, the “right to be forgotten” applies, under which old content, such as critical reports about a person, must be removed from search engines and other places on request.
Marketplace Principle:
Where does the DSGVO apply? In future, the customer-friendly marketplace principle will apply. This means that when an offer is made to consumers in the EU, the DSGVO automatically applies. For example, a German-language website or prices in euros are sufficient. As a result, the number of companies affected is significantly lower. And Facebook, Google, Amazon & Co. can no longer insist on US law or lax Irish law in data processing.
Even Harder: The ePrivacy Regulation
The second law, the ePrivacy Regulation, contains additional rules, particularly in the area of online communication, and will probably not be introduced until the end of 2018 at the earliest. For example, it is intended to considerably restrict the tracking of users to form profiles: users should no longer merely be informed about the use of data collectors, but should also be given the opportunity to object to their use. This would make business considerably more difficult for the many data-hungry companies that, like Google, Microsoft and Facebook, offer free services in exchange for user data. Fortunately for them, however: if users have already opened a user account with the respective provider, they have agreed to the processing of their data by confirming the general terms and conditions (GTC). The ePrivacy Regulation does not apply in this case and everything remains the same.
Upside:
The fact is that a lot will change for web surfers in the near future. From a data protection point of view, there is certainly much to be welcomed. But it will be some time before that happens. And surfing threatens to become much more complicated. If you want the best, most convenient data protection today and in the future, you can rely on the proven eBlocker. Connected to the home network, the compact device anonymizes the online behavior of all Internet-enabled devices in the network. It protects not only the computer but also tablets, smart TVs, game consoles and IoT devices for which there are no other ways to protect privacy.