(Reuters) – A milestone European law of integrity makes waves all over the world a year after its entry into force, fundamentally changing the way data is handled like Facebook, Apple and Google are facing increasingly common complaints.
Adopted May 25 This year's goal is to protect all EU citizens from integrity and data breaches, regardless of which part of the world the data manager is in.
The new regulation has forced global companies to reconsider their own rules, inspirational territories from Brazil to China and India to California to develop their own privacy and security regulations based on a de facto GDPR benchmark.
"GDPR has fundamentally changed Facebook as a company," says the world's largest social network in an email. a number of improvements to the users' privacy controls that it had implemented, along with additions to its compliance team.
In the wake of increased awareness of data security, was driven by Facebook's Cambridge Analytica scandal where personal data was harvested from millions of users without their consent, financial sanctions and legal tests will follow.
"There will be a year in which we see and test how the rules are interpreted," says Cristina Cabella, IBM's chief security officer, who oversees a team of dozens of lawyers worldwide for multinational technology.
The scandal in Cambridge Analytica, which broke out just before GDPR came into force, resulted in a weak $ 500,000 ($ 632,000) fine in the UK ̵
The biggest penalty so far, EUR 50 million, has gone to Google because it failed to secure users' consent to personal ads in France.
More can be on the road, with over 95,000 complaints being submitted to national data enforcers who trigger 225 investigations.
Facebook, the target for seven surveys of the Irish data protection guard, could face its first sanction this summer. Its WhatsApp and Instagram subsidiaries are the focus of separate probes in Dublin.
Ireland, the engineering regulator of the technology giants, because their European headquarters are there, also examines Twitter, Microsoft's LinkedIn and Apple, with decisions in any case expected this year.
GDPR has been able to raise awareness of personal information between individuals and businesses and how to protect it, says Benoit Van Asbroeck, a partner at the Bird & Bird law firm.
"Everywhere people realize that data is a key factor," he says.
The new rules can force companies to clean houses, which means that they will be more effective in data collection and analysis, and in building confidence in consumers, says Mrs Cabella.
"People can have greater confidence in the companies that process their tasks in a transparent way, and that is a competitive advantage," she told Reuters.
Inhibitory Artificial Intelligence  There is a risk that the rules could prevent Europe's bid to lead to artificial intelligence, making it a disadvantage compared to the United States and Asia, where the legal threshold is lower, says Van Asbroeck.
"Protection for people are too loud. It will backfire for the development of artificial intelligence in the EU. To develop AI you need to practice algorithms with data. Some of these are personal data that must be in line with the GDPR, which makes it difficult for some companies, he says.
Google, Facebook and Apple with their massive user data panties and contractual consent to use it would not face any problems, but the same cannot be said of other companies without the same access to information volumes, he said.
The American thought The Information and Innovation Foundation said there was a case to modify the GDPR.
"If the EU wants to thrive in the algorithmic economy, it must reform the GDPR, for example, by extending authorized uses of AI in the public interest, enabling the resumption of data that is only a minimal risk, not penalizing automated decision making," The
VZBV, the Federal Umbrella for German Consumer Protection, said the right to data portability – which allows individuals to acquire and re-use their personal data for their own purposes over various services – should be clarified, etc.
"We need industry-specific codes of conduct for data transfer . Here, companies must agree on standards with data protection authorities and civil society, says CEO VDBV Klaus Mueller.