The European Union passed a new rule, setting the stage for how companies are to share and manage personal data about users. Termed as the General Data Protection Regulation, by practice only applies to EU citizens. However, given the global nature of the internet, every online service will be affected.
In essence, GDPR builds on the rules that were set by the Privacy Shield and Data Protection Directive and further expands on them in two crucial ways. Primarily, obtaining user data won't be as simple as it used to be. Services need explicit and informed consent from users before they can collect their data.
The second most crucial aspect of the GDPR is that it places a massive fine on violators. The maximum penalty per violation is set at 4% of the company's global turnover or $20 million, whichever is higher. Hence if companies felt lethargic about implementing the new policies, a big fine such as this one, should get them on their feet.
On top of this, the companies have a deadline up until May 25th, 2018 before the new rules come into effect. This explains why companies such as Google and Slack has been silently busy updating their terms and rewriting their contracts.
Once set in motion, we should notice changes in how data is being collected. A lot more transparency will be involved. However, this also means that there is going to be an increase in the number of “click to proceed” boxes while surfing the internet.
Besides data collection, the rule also reshapes how the collected data is going to be handled. This means all the companies will have to change their existing approach to data analytics, and most importantly, advertising. All companies will also have to disclose their ad-partners, with whom they are sharing user data.
Now, whether or not this will help make data collection less intrusive is still a question only time will tell. However, it should be noted that considering the state we are currently in, user data harvesting can't get any creepier or invasive.
The main interest is in seeing whether or not the rule creates a division between the EU and rest of the internet. Companies might choose to split off EU data, which will ultimately result in an overall different internet experience between European users and the rest of the world.