The new law is called the General Data Protection Regulation (GDPR), and it went into effect on May 25, two years after it was introduced. Companies are making a late push to make sure that their apps and websites meet the new guidelines, because failing to do so carries a potentially massive fine of up to 4% of their global revenue or 20 million euros (whichever is higher). The new rules are an attempt to protect the personal data and privacy of EU citizens.
Apps and websites collect a lot of personal data whether you realize it or not, such as name, gender, marital status, age, and where you live. That data is used for targeted advertisements and marketing. The GDPR forces companies to be more transparent and provide more details on how they acquire your data, how they use it, and who they are giving that information to.
The 261-page law states that companies must get consent from users before storing and “processing” their personal information. For consumers, that means simpler language about data collection, with less vague legalese and fewer pages of terms and conditions. “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language,” the GDPR says. The requests to get consent must be “freely given, specific and informed.” Companies must give notifications when the users’ data is being used.
According to a study by mobile-software development management platform SafeDK, over 55% of top apps failed to meet GDPR stipulations.
Some apps have not been able to abide by the new rules and were forced to shut down for good. Klout, the site that measured how much social media influence accounts have, closed down on May 25. Email unsubscribing service Unroll.me announced that it could not comply with the GDPR and would stop the service for European users. Mobile games such as Loadout and Super Monday Night Combat were also killed by the GDPR.
Another aspect of the GDPR is that apps are not allowed to collect data about children under the age of 16. Also, companies must alert users of a data breach within 72 hours. “GDPR will put public pressure on companies to disclose more information about breaches around the world, much quicker than they have in the past,” said Travis Jarae, chief executive officer of security advisory company One World Identity.